You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "angela (JIRA)" <ji...@apache.org> on 2019/08/09 14:06:00 UTC

[jira] [Updated] (SLING-8602) Add support for PrincipalAccessControlList and ac-management by principal

     [ https://issues.apache.org/jira/browse/SLING-8602?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

angela updated SLING-8602:
--------------------------
    Attachment: SLING-8602-parser.patch
                SLING-8602-jcr.patch

> Add support for PrincipalAccessControlList and ac-management by principal
> -------------------------------------------------------------------------
>
>                 Key: SLING-8602
>                 URL: https://issues.apache.org/jira/browse/SLING-8602
>             Project: Sling
>          Issue Type: New Feature
>          Components: Repoinit
>            Reporter: angela
>            Priority: Major
>         Attachments: SLING-8602-jcr.patch, SLING-8602-parser.patch
>
>
> with JCR-4429 comes a new type of {{JackrabbitAccessControlList}} that allows to provide native support for access control management by principal as defined by {{org.apache.jackrabbit.api.security.JackrabbitAccessControlManager}}.  
> now that there exists a new authorization model in Oak (OAK-8190) that implements these extensions, it would be desirable if the repo-init would cover access control management by principal.
> note: while the original aim of OAK-8190 was to store permissions for system users (aka service users) separately, the implementation in _oak-authorization-principalbased_ is not limited to system users and doesn't mandate the policies to be stored with a user node. the location of the access controlled node is an implementation detail that can be changed. see Jackrabbit API and http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html for additional details.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)