jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anuj Kumar <anujs...@gmail.com>
Subject Re: Access Control Management with JCR
Date Thu, 18 Aug 2011 17:49:55 GMT
On Thu, Aug 18, 2011 at 11:07 PM, Mark Herman <MHerman@nbme.org> wrote:

> >Thanks Mark. So, I will try to restructure and may be get the private,
> >public and shared folders up at the root level and then have different app
> >content within them depending on the permissions. Also, on the same lines,
> >does it make sense to have a separate folder for each user under the
> >'private' folder to separate the content?
> I think so. You either can apply permissions on every node you add, or rely
> on the inheritance.  Otherwise you could have everything open and implement
> the security in your application but I wouldn't recommend that.

Thanks. As you mentioned, permission at node level will be a better choice
instead of leaving everything open.

> >I am confused on what is the best way to manage user specific content. I
> >read about the clear indication of not to use workspaces for individual
> >users. Keeping that in mind, I would prefer to have a separate folder for
> >each user and give the control to the owner. By going with this approach
> the
> >number of folders will grow with the number of users and that may be huge.
> I
> >don't know about Jackrabbit's limitations but can you or anyone on this
> >mailing list suggest from one's experience?
> I definitely agree that separate workspaces is not a good idea. I think
> having a large number of workspaces is going to hurt you before having the
> same number of children under one node in one workspace.  How many users
> are
> you talking about?  If it's under 10k you should be fine.  If it's more you
> might just want to manually break it up by alphabet, or use something like
> jackrabbit's BTreeManager [1].  That should create a balanced hierarchy
> underneath one node when all you're doing is adding to the top node.  The
> downside is you can't assume anything about the path, so you either have to
> query without the path, or get the NodeSequence from the treemanager and
> call
> nodes.getItem("username")

The number of users will be more than 50k. So, I will check BTreeManager.
Thanks a lot Mark. This was really helpful.

> [1]
> http://jackrabbit.apache.org/api/2.2/org/apache/jackrabbit/commons/flat/BTree
> Manager.html

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message