jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: ACL and Version Control
Date Tue, 26 Jul 2011 08:32:48 GMT
hi chad

in order to execute version operations a principal must
have jcr:versionManagement privilege [1] on the corresponding
versionable node.

note however, that this only covers the execution. reading
version related content is controlled by regular read permissions.
one more thing to be aware of: version operations such as checkin
also require read-access to the corresponding part of the version
storage. this is rather cumbersome and covered by an jira issue [2]

hope that helps
angela


[1] 
http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/Privilege.html#JCR_VERSION_MANAGEMENT
[2] https://issues.apache.org/jira/browse/JCR-2963


On 7/25/11 10:12 PM, ChadDavis wrote:
> I'm using ACL's to control access to subtrees.  This works great, but
> I noticed that now my version control stuff fails because it doesn't
> have the proper access.  I can get this to work, but I can't really
> decide what the best way of addressing this is.
>
> 1) when I create my Jackrabbit users ( I'm using the jackrabbit user
> management extensions ), their content subtrees and the associated
> ACL's, I could attempt to also attach an ACL for that user to the
> version control tree.  This, however, strikes me as a bit odd, and
> perhaps unwieldy.
>
> OR
>
> 2) I can simply user a repo-wide admin user, who has access to
> everything, do these actions.
>
> How do other folks handle this?  Thoughts?

Mime
View raw message