jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anjan <poliset...@gmail.com>
Subject Re: Group membership is not honoured?
Date Fri, 13 Dec 2013 05:40:43 GMT
Hi Toby, based on your suggestion, I re-ordered the aces.  Here is the new
order.

{
    "everyone": {
        "principal": "everyone",
        "denied": [
            "jcr:read"
        ],
        "order": 0
    },
    "Managers": {
        "principal": "Managers",
        "granted": [
            "jcr:read"
        ],
        "denied": [
            "jcr:removeNode",
            "jcr:modifyAccessControl",
            "jcr:versionManagement",
            "jcr:nodeTypeManagement",
            "jcr:modifyProperties",
            "jcr:addChildNodes"
        ],
        "order": 1
    }
}

And you are correct.  Now "test" user can see the "child" folder.  I guess
where I got stumped was that when "Managers" is the first ace and if I am
allowing "jcr:read" for that group, I expected it to work for all the users
of this group.  But I didn't realize that "everyone" is also checked.  My
bad.

Thanks a lot for your help.  Really appreciate it.



--
View this message in context: http://jackrabbit.510166.n4.nabble.com/Group-membership-is-not-honoured-tp4660059p4660068.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Mime
View raw message