svn commit: r1785134 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md

[angela]

Author: angela
Date: Thu Mar  2 13:41:47 2017
New Revision: 1785134

URL: http://svn.apache.org/viewvc?rev=1785134&view=rev
Log:
OAK-5789 : Oak does not enforce jcr:namespaceManagement at path level

Modified:
    
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md

Modified: 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md?rev=1785134&r1=1785133&r2=1785134&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md
 (original)
+++ 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/permission/differences.md
 Thu Mar  2 13:41:47 2017
@@ -92,6 +92,13 @@ have a versionable node in this workspac
 the effective permissions that would apply to that node if the version was 
restored.
 This changes is covered by [OAK-444] and addresses concerns summarized in 
[JCR-2963].
 
+##### Repository Level Operations
+Repository level operations such as namespace, nodetype, privilege and 
workspace
+management require permissions to be defined at the repository level such as 
+outlined by JSR 283. This implies that access control policies need to be set 
at
+the `null` path. In contrast to Jackrabbit 2.x permissions defined at any 
regular
+path such as e.g. the root path with be ignored.
+
 #### Configuration
 
 The `omit-default-permission` configuration option present with the 
Jackrabbit's AccessControlProvider