You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "angela (JIRA)" <ji...@apache.org> on 2015/09/29 14:05:06 UTC

[jira] [Resolved] (OAK-3457) Multivalued restriction to limit effect of ACE to items with a given name

     [ https://issues.apache.org/jira/browse/OAK-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela resolved OAK-3457.
-------------------------
    Resolution: Fixed

> Multivalued restriction to limit effect of ACE to items with a given name
> -------------------------------------------------------------------------
>
>                 Key: OAK-3457
>                 URL: https://issues.apache.org/jira/browse/OAK-3457
>             Project: Jackrabbit Oak
>          Issue Type: New Feature
>          Components: core
>            Reporter: angela
>            Assignee: angela
>            Priority: Minor
>             Fix For: 1.3.8
>
>
> with the current wildcard-based glob restriction it's not possible to limit the effect of a single ACE to properties or nodes matching a given set of names.
> examples:
> - grant rep:readProperties privilege for properties named jcr:primaryType or jcr:mixinTypes (i.e. only default properties present with all jcr nodes such as defined by nt:base)
> - grant rep:userManagement privilege only for items named rep:members (i.e. limit the effect that only members can be added or removed but other kind of user management action is denied)
> - deny creation of child nodes named 'jcr:content' or 'content' or 'rep:content' or 'my:content'



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)