jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Angela Schreiber <anch...@adobe.com>
Subject Re: Access Control Management with JCR
Date Thu, 18 Aug 2011 15:12:49 GMT

On 8/18/11 4:19 PM, Mark Herman wrote:
> 1. I think that should work.  This approach is kind of a "everything open
> unless I close it" mindset, where you may want to consider "everything is
> closed unless I open it."  If myapp and blog need anonymous access for some
> reason you may want to restructure so the content folders don't need to be
> under them.
> 2. All permissions will only go down a hierarchy.  Changing the permissions
> on a child won't have any effect on the parent (except for the fact that it's
> child was changed).  Obviously changed to the parents security will be
> inherited by the children.

... unless you explicitly stop the inheritance by specifying
an extra restriction with that ACE that only matches the
parent node. this is part of the jackrabbit-specific extension
of the JCR access control API.

> 3. I'm not too familiar but through trial and error it looks like you need to
> add jcr:nodeTypeManagement as well.  I guess choosing a primary node type for
> a new node counts as nodeTypeManagement.

correct, Node.addNode(String) does not need the extra privilege
but Node.addNode(String, String ntName) does.


View raw message