angela created SLING-7061:
-----------------------------
Summary: Access control setup of repository-level permissions
(i.e. null path)
Key: SLING-7061
URL: https://issues.apache.org/jira/browse/SLING-7061
Project: Sling
Issue Type: Improvement
Components: Repoinit
Reporter: angela
If I am not mistaken it is currently not possible to create access control
setup for principals at the 'null' path, which according to JSR 283 is to be
used to setup repository level permissions such as
- node type definition management (i.e. registering new node types)
- namespace management (i.e. registering new namespaces)
- privilege management (i.e. registering new privileges)
- workspace management (i.e. creating/removing workspaces)
All of these operations are not bound to a path (like e.g. removing an item or
creating a new version for a given node) but instead take global effect on the
whole JCR repository... that's why permissions for these operations cannot be
granted at a given path.
In the default authorization model shipped with Jackrabbit and Oak the -null-
path access control policy is stored with a dedicated _rep:repoPolicy_ node
located with the root node and
For service user definitions we need to be able to define entries for the
-null- path policy for the reasons explained above. Thanks for extending the
repo-init accordingly.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
