[jira] [Commented] (SLING-8602) Add support for PrincipalAccessControlList and ac-management by principal

Thu, 19 Sep 2019 23:51:35 -0700 


    [ 
https://issues.apache.org/jira/browse/SLING-8602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16934128#comment-16934128
 ] 

angela commented on SLING-8602:
-------------------------------

[~edn], oak out of the box (i.e. with the default authorization setup) already 
comes with non-acl policies (see oak documentation and exercises). if the 
modules you mention follows JCR specification and API contracts, i would assume 
already has handling for non-acl policies in place.

> Add support for PrincipalAccessControlList and ac-management by principal
> -------------------------------------------------------------------------
>
>                 Key: SLING-8602
>                 URL: https://issues.apache.org/jira/browse/SLING-8602
>             Project: Sling
>          Issue Type: New Feature
>          Components: Repoinit
>            Reporter: angela
>            Assignee: Robert Munteanu
>            Priority: Major
>              Labels: Sling-12-ReleaseNotes
>             Fix For: Repoinit Parser 1.2.8, Repoinit JCR 1.1.14
>
>         Attachments: SLING-8602-jcr-2.patch, SLING-8602-jcr.patch, 
> SLING-8602-parser-2.patch, SLING-8602-parser.patch
>
>
> with JCR-4429 comes a new type of {{JackrabbitAccessControlList}} that allows 
> to provide native support for access control management by principal as 
> defined by 
> {{org.apache.jackrabbit.api.security.JackrabbitAccessControlManager}}.  
> now that there exists a new authorization model in Oak (OAK-8190) that 
> implements these extensions, it would be desirable if the repo-init would 
> cover access control management by principal.
> note: while the original aim of OAK-8190 was to store permissions for system 
> users (aka service users) separately, the implementation in 
> _oak-authorization-principalbased_ is not limited to system users and doesn't 
> mandate the policies to be stored with a user node. the location of the 
> access controlled node is an implementation detail that can be changed. see 
> Jackrabbit API and 
> http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html
>  for additional details.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to