On 4/22/13 1:37 PM, Jukka Zitting wrote:
Hi,
On Mon, Apr 22, 2013 at 2:14 PM, Angela Schreiber<[email protected]> wrote:
that's basically my proposal a) but i am not totally sure if that's
the best solution... in particular it will not work if someone
would deny read-access to a 'user' on the root node...
Wouldn't an ACL on the /jcr:system subtree override one on the root node?
it would as long as only aces for group principals are used.
but user principals take precedence over group principals...
in addition
i am not sure, if we really want to have full/regular ac-evaluation
for those trees...
I don't see much harm in having them under normal access control.
no harm. but it feels strange to me... and it might also be
troublesome when it comes to upgrading an existing repository.
Did
you have something specific in mind? On the contrary, avoiding a
special case for this should help keep the relevant code simple.
maybe... but if this kind of access is *always* required there
is not much benefit in making it look as if it could be edited.
more to come in the issue...
angela
BR,
Jukka Zitting
