jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Herman" <MHer...@NBME.org>
Subject RE: Access Control Management with JCR
Date Thu, 18 Aug 2011 17:37:39 GMT
>Thanks Mark. So, I will try to restructure and may be get the private,
>public and shared folders up at the root level and then have different app
>content within them depending on the permissions. Also, on the same lines,
>does it make sense to have a separate folder for each user under the
>'private' folder to separate the content?

I think so. You either can apply permissions on every node you add, or rely
on the inheritance.  Otherwise you could have everything open and implement
the security in your application but I wouldn't recommend that.

>I am confused on what is the best way to manage user specific content. I
>read about the clear indication of not to use workspaces for individual
>users. Keeping that in mind, I would prefer to have a separate folder for
>each user and give the control to the owner. By going with this approach the
>number of folders will grow with the number of users and that may be huge. I
>don't know about Jackrabbit's limitations but can you or anyone on this
>mailing list suggest from one's experience?

I definitely agree that separate workspaces is not a good idea. I think
having a large number of workspaces is going to hurt you before having the
same number of children under one node in one workspace.  How many users are
you talking about?  If it's under 10k you should be fine.  If it's more you
might just want to manually break it up by alphabet, or use something like
jackrabbit's BTreeManager [1].  That should create a balanced hierarchy
underneath one node when all you're doing is adding to the top node.  The
downside is you can't assume anything about the path, so you either have to
query without the path, or get the NodeSequence from the treemanager and call


View raw message