jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "arcassis@gmail.com" <arcas...@gmail.com>
Subject Need help regarding privilege evaluation in JR !
Date Wed, 09 Sep 2009 08:36:07 GMT
Hello all,

I have a very big problem regarding privileges.
Can someone give me an url or some documentation about how the privileges
are applied in Jackarabbit.
Right now I'm having problems regarding this specific matter:

Privileges on Root (/):
-----------------------------------------------
allow -> administrators: jcr:all
allow -> All Users: jcr:read
allow -> adminOnRoot: jcr:read, jcr:notifyOnChange, rep:write,
jcr:readAccessControl, jcr:modifyAccessControl, jcr:versionManagement,
jcr:lockManagement, jcr:retentionManagement
-----------------------------------------------


Privileges on an intermediary node (/categoryOne)
This node is not access controllable

Privileges on my document (/categoryOne/MyDocument) [node that I want to
delete]:
-----------------------------------------------
allow -> All Users: jcr:read
allow -> user01: jcr:read, jcr:removeChildNodes, jcr:removeNode,
jcr:readAccessControl, jcr:modifyAccessControl, jcr:versionManagement,
jcr:lockManagement
deny  -> adminOnRoot: jcr:notifyOnChange, jcr:modifyProperties,
jcr:removeChildNodes, jcr:removeNode, jcr:readAccessControl,
jcr:modifyAccessControl, jcr:versionManagement, jcr:lockManagement
-----------------------------------------------

I'm logged in Jackrabbit with user01, (user01 belongs only to All Users).
When I try to delete /categoryOne/MyDocument I get an "access denied
exception!".
If I add jcr:modifyProperties to user01's allow ACE(on node
/categoryOne/MyDocument) and add the user01 to adminOnRoot group then i can
delete the node. This is weird !

Can anyone explain why is this happening, or which is the normal flow and
logic behind evaluating privileges in Jackarabbit ?

Many thanks !

Dan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message