[
https://issues.apache.org/jira/browse/SLING-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15399082#comment-15399082
]
angela commented on SLING-5848:
-------------------------------
[~bdelacretaz], i am sorry... but that doesn't make any sense to me. the
Jackrabbit UserManagement API doesn't not specify _any_ limitations when it
comes to user Ids and a system/service user is just a variant of a regular user.
as stated above it seems that Sling has an issue with dots in node names but
that's definitely not an issue that the repo init or JCR or Oak should care
about; also you cannot prevent someone from creating a user using the regular
Jackrabbit API calls or XML import and as such not using the repo-init provided
by Sling.
So, -1 for that proposal.
> Define service user and ACLs for Scripting
> ------------------------------------------
>
> Key: SLING-5848
> URL: https://issues.apache.org/jira/browse/SLING-5848
> Project: Sling
> Issue Type: Task
> Components: Scripting
> Reporter: Oliver Lietz
>
> Scripting implementations require a (service) ResourceResolver with very
> limited read rights to read scripts.
> Reading can be limited to these paths:
> * {{/apps}}
> * {{/libs}}
> * {{/etc}} (?)
> Name for service user: {{scripting}} or {{sling-scripting}} or
> {{sling.scripting}} (?)
> *repoinit:*
> {noformat}
> create path /apps
> create path /libs
> create service user sling-scripting
> set ACL for sling-scripting
> allow jcr:read on /apps
> allow jcr:read on /libs
> end
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
