jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anjan <poliset...@gmail.com>
Subject Group membership and Privileges
Date Fri, 20 Sep 2013 11:42:41 GMT
I have a node (of type nt:folder) where the below privileges are granted for
the user "test".

jcr:primaryType = rep:GrantACE
rep:privileges    =   
['jcr:modifyProperties','jcr:read','jcr:versionManagement'].

Now I am able to create a child node (of type nt:folder) successfully with
"test" user even though "test" user doesn't have the "jcr:addChildNodes"
privilege.

This "test" user also belong to "administrator" group and I believe this
group has "jcr:all" privileges assigned to it.

But based on my understanding, if ACEs are defined for USER principal they
will take precedence over the group principals.  So I am not sure how "test"
user can successfully create a child node.  Am I missing something here?  





--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Group-membership-and-Privileges-tp4659561.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Mime
View raw message