You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/09/29 14:05:06 UTC
[jira] [Resolved] (OAK-3457) Multivalued restriction to limit
effect of ACE to items with a given name
[ https://issues.apache.org/jira/browse/OAK-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela resolved OAK-3457.
-------------------------
Resolution: Fixed
> Multivalued restriction to limit effect of ACE to items with a given name
> -------------------------------------------------------------------------
>
> Key: OAK-3457
> URL: https://issues.apache.org/jira/browse/OAK-3457
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 1.3.8
>
>
> with the current wildcard-based glob restriction it's not possible to limit the effect of a single ACE to properties or nodes matching a given set of names.
> examples:
> - grant rep:readProperties privilege for properties named jcr:primaryType or jcr:mixinTypes (i.e. only default properties present with all jcr nodes such as defined by nt:base)
> - grant rep:userManagement privilege only for items named rep:members (i.e. limit the effect that only members can be added or removed but other kind of user management action is denied)
> - deny creation of child nodes named 'jcr:content' or 'content' or 'rep:content' or 'my:content'
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)