Posted to users@jackrabbit.apache.org by anjan <po...@gmail.com> on 2014/01/07 06:25:34 UTC

ACL inheritance

The question I have regarding the ACL inheritance can be explained taking the
below example:

Let us assume that there is a folder 'parent-folder' whose child is
'child-folder'.  Assume that 'parent-folder' was assigned  "jcr:read"
privilege for "everyone" logical group and "jcr:write" privilege for
"Managers" group.

If we don't want all the users to view 'child-folder', then we need to set
"jcr:read" privilege to "deny" for "everyone" group at the 'child-folder'
level.  Since ACEs defined on a particular node take precedence over
inherited ones, none of the users will be able to view 'child-folder' (even
though  "jcr:write" privilege for "Managers" group is present in
'parent-folder').  "jcr:write" privilege for "Managers" group needs to be
applied at the 'child-folder' as well for the users of "Managers" group to
read and write.  Is this the expected behavior?

As noted in Jackrabbit wiki, a core concept of resource-based ACLs is that
they inherit the ACLs from the parent node, thus for each node, all the ACLs
of its ancestors come into play as well.  But in the above scenario, setting
"jcr:read" privilege to "deny" for "everyone" group will effectively stop
the inheritance.



--
View this message in context: http://jackrabbit.510166.n4.nabble.com/ACL-inheritance-tp4660110.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
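
One way to reproduce the scenario from the question above on a test repository and print what a member of "Managers" can effectively do on each folder (an added example, not code from the thread or from the Jackrabbit project). The absolute paths, the class name, the `/probe` child name and the two sessions passed in are assumptions.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.*;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
public class AclInheritanceCheck {
    // Assumed paths; the post only names the two folders.
    static final String PARENT = "/parent-folder", CHILD = PARENT + "/child-folder";

    /** ACL already bound at path, or an applicable empty one if none is set yet. */
    static JackrabbitAccessControlList aclAt(AccessControlManager acm, String path)
            throws RepositoryException {
        for (AccessControlPolicy p : acm.getPolicies(path))
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        for (AccessControlPolicyIterator it = acm.getApplicablePolicies(path); it.hasNext();) {
            AccessControlPolicy p = it.nextAccessControlPolicy();
            if (p instanceof JackrabbitAccessControlList) return (JackrabbitAccessControlList) p;
        }
        throw new AccessControlException("no ACL applicable at " + path);
    }

    static void addEntry(AccessControlManager acm, String path, Principal who,
                         String privilege, boolean allow) throws RepositoryException {
        JackrabbitAccessControlList acl = aclAt(acm, path);
        acl.addEntry(who, new Privilege[] { acm.privilegeFromName(privilege) }, allow);
        acm.setPolicy(path, acl);
    }

    /** admin may edit ACLs; manager is the session of a user in the "Managers" group. */
    public static void run(Session admin, Session manager) throws RepositoryException {
        AccessControlManager acm = admin.getAccessControlManager();
        PrincipalManager pm = ((JackrabbitSession) admin).getPrincipalManager();
        Principal managers = pm.getPrincipal("Managers");
        if (managers == null) throw new RepositoryException("group Managers not found");
        addEntry(acm, PARENT, pm.getEveryone(), Privilege.JCR_READ, true);   // allow
        addEntry(acm, PARENT, managers, Privilege.JCR_WRITE, true);          // allow
        addEntry(acm, CHILD, pm.getEveryone(), Privilege.JCR_READ, false);   // deny
        admin.save();
        manager.refresh(false); // pick up the saved ACL changes
        // hasPermission() is used instead of hasPrivileges(): the latter throws
        // PathNotFoundException when the session cannot read the node at all.
        for (String path : new String[] { PARENT, CHILD })
            System.out.printf("%s read=%b addNode=%b%n", path,
                manager.hasPermission(path, Session.ACTION_READ),
                manager.hasPermission(path + "/probe", Session.ACTION_ADD_NODE));
    }
}
```

Printing the read and add-node results separately for each folder shows which privilege the deny entry actually removes and which inherited entries still apply.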

Re: ACL inheritance

Posted by Justin Edelson <ju...@justinedelson.com>.
Hi,
Your question seems to be... if I deny read access to everyone, does
that deny read access to everyone? In which case the answer is yes.

Justin

On Mon, May 5, 2014 at 6:48 AM, anjan <po...@gmail.com> wrote:
> I am still having this question.  Can anyone please clarify my understanding?
> Appreciate your help.

Re: ACL inheritance

Posted by anjan <po...@gmail.com>.
I am still having this question.  Can anyone please clarify my understanding?
Appreciate your help.


