jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anjan <poliset...@gmail.com>
Subject Re: Group membership is not honoured?
Date Thu, 12 Dec 2013 10:32:25 GMT
To further update, here are the permissions I see for the "child" folder.

{"Managers":{"principal":"Managers","granted":["jcr:read"],"order":0},"everyone":{"principal":"everyone","granted":["jcr:readAccessControl","jcr:removeChildNodes"],*"denied":["jcr:read"]*,"order":1},"administrators":{"principal":"administrators","granted":["jcr:all"],"order":2}}

Please note that on the "child" folder "everyone" is having "jcr:read"
denied privilege (bold above).

After some debugging, I noticed that because of this deny access on
"everyone" principal, "test" user cannot see "child" folder.  Since "test"
user belongs to "Managers" group and this group has "jcr:read" privilege, I
thought "test" user will see this folder.  But it is not the case.

Does this mean that "everyone" takes precedence in all the scenarios
irrespective of the order of ACEs?  Can anyone clarify.



--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Group-membership-is-not-honoured-tp4660059p4660063.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Mime
View raw message