jackrabbit-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tobias Bocanegra <tri...@apache.org>
Subject Re: Group membership is not honoured?
Date Thu, 12 Dec 2013 18:17:24 GMT
Hi Anjan,
I don't really see how the ACL is setup. can you export a JSON dump of
the respective rep:policy node?
everyone does not have a special priority, the order of the ACEs is important.

regards, toby

On Thu, Dec 12, 2013 at 2:32 AM, anjan <polisettya@gmail.com> wrote:
> To further update, here are the permissions I see for the "child" folder.
>
> {"Managers":{"principal":"Managers","granted":["jcr:read"],"order":0},"everyone":{"principal":"everyone","granted":["jcr:readAccessControl","jcr:removeChildNodes"],*"denied":["jcr:read"]*,"order":1},"administrators":{"principal":"administrators","granted":["jcr:all"],"order":2}}
>
> Please note that on the "child" folder "everyone" is having "jcr:read"
> denied privilege (bold above).
>
> After some debugging, I noticed that because of this deny access on
> "everyone" principal, "test" user cannot see "child" folder.  Since "test"
> user belongs to "Managers" group and this group has "jcr:read" privilege, I
> thought "test" user will see this folder.  But it is not the case.
>
> Does this mean that "everyone" takes precedence in all the scenarios
> irrespective of the order of ACEs?  Can anyone clarify.
>
>
>
> --
> View this message in context: http://jackrabbit.510166.n4.nabble.com/Group-membership-is-not-honoured-tp4660059p4660063.html
> Sent from the Jackrabbit - Users mailing list archive at Nabble.com.

Mime
View raw message