jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From husbas <husain.basraw...@gmail.com>
Subject Re: Using rescrictions in Principal based ACL
Date Wed, 01 Jun 2011 16:34:28 GMT
>the acls reside in a workspace an not the whole repository...
>not sure what you mean.
I was not clear enough.
Basically I created a user and created an ACE entry for it with jcr:read for
path "/". This worked fine and the user got read access to the full
workspace. Then I removed all the ACE entries for this user. So the policy
rep:accesscontrol/rep:security...../t/to/tom/rep:policy (I don't have the
exact node path right now) exists but there are no ACEs within, its a policy
node with no entries.
Does this mean that the user still has the jcr:read or some set of default


On Wed, Jun 1, 2011 at 6:50 PM, Angela Schreiber-2 [via Jackrabbit] <
ml-node+3566044-1013664766-241589@n4.nabble.com> wrote:

> hi husain
> > Another one.
> > I created a user using UserManager and have a blank ACL in the
> repository.
> the acls reside in a workspace an not the whole repository...
> not sure what you mean.
> > That is there are no ACE for the uesr. However, the user still has
> complete
> > access to the repository. Is that the default policy? How can I change
> that?
> > I am using Principal based ACLProvider.
> what are the permissions granted to the everyone group?
> if i remember correctly the default setup grants jcr:read privilege to
> everyone. this can be turned off by setting the omit-default-permission
> parameter in the ac-provider configuration. (if the ace has already
> been created before you need to remove it using the API).
> is this what you are looking for?
> angela
> ------------------------------
>  If you reply to this email, your message will be added to the discussion
> below:
> http://jackrabbit.510166.n4.nabble.com/Using-rescrictions-in-Principal-based-ACL-tp3562758p3566044.html
>  To unsubscribe from Using rescrictions in Principal based ACL, click here<http://jackrabbit.510166.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=3562758&code=aHVzYWluLmJhc3Jhd2FsYUBnbWFpbC5jb218MzU2Mjc1OHwzMzkxMjY0ODc=>.


View this message in context: http://jackrabbit.510166.n4.nabble.com/Using-rescrictions-in-Principal-based-ACL-tp3562758p3566276.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message