hi jukka oak only has 2 built-in users: admin and anonymous. we don't have an administrators group and we can't predefine the access control content as this depends on the repository setup... we don't and should not mandate a particular access control model.
we could however treat the built-in index definitions as repository internal content such as we do for the permission store. but if we do, we should make this configurable and extensible. kind regards angela On 11/13/13 6:27 PM, "Jukka Zitting" <[email protected]> wrote: >Hi, > >On Wed, Nov 13, 2013 at 12:16 PM, Angela Schreiber <[email protected]> >wrote: >> regarding restricting permissions: >> we should have that in the default setup instead of relying on >> some specific user of OAK to remember to setup it. experience >> shows that this simply doesn't work; we have to make the repository >> secure by default. > >How about we restrict the default indexes in /oak:index to administrators? > >BR, > >Jukka Zitting
