hi jukka
How about my suggestion of including a default ACL on /jcr:system that grants read permission to that subtree to everyone, regardless of what access controls are defined on the root node?
that's basically my proposal a) but i am not totally sure if that's the best solution... in particular it will not work if someone would deny read-access to a 'user' on the root node... in addition i am not sure, if we really want to have full/regular ac-evaluation for those trees... anyway... i will try it and attach patches to the issue. regards angela
