[
https://issues.apache.org/jira/browse/SLING-8602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16933532#comment-16933532
]
angela commented on SLING-8602:
-------------------------------
[~rombert], updated patches to reflected the changes requested in SLING-8619.
in addition change scope of dependency to _oak-authorization-principalbased_ to
{{test}}.
> Add support for PrincipalAccessControlList and ac-management by principal
> -------------------------------------------------------------------------
>
> Key: SLING-8602
> URL: https://issues.apache.org/jira/browse/SLING-8602
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: angela
> Assignee: Robert Munteanu
> Priority: Major
> Labels: Sling-12-ReleaseNotes
> Fix For: Repoinit Parser 1.2.8, Repoinit JCR 1.1.14
>
> Attachments: SLING-8602-jcr-2.patch, SLING-8602-jcr.patch,
> SLING-8602-parser-2.patch, SLING-8602-parser.patch
>
>
> with JCR-4429 comes a new type of {{JackrabbitAccessControlList}} that allows
> to provide native support for access control management by principal as
> defined by
> {{org.apache.jackrabbit.api.security.JackrabbitAccessControlManager}}.
> now that there exists a new authorization model in Oak (OAK-8190) that
> implements these extensions, it would be desirable if the repo-init would
> cover access control management by principal.
> note: while the original aim of OAK-8190 was to store permissions for system
> users (aka service users) separately, the implementation in
> _oak-authorization-principalbased_ is not limited to system users and doesn't
> mandate the policies to be stored with a user node. the location of the
> access controlled node is an implementation detail that can be changed. see
> Jackrabbit API and
> http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html
> for additional details.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
