Hi Marco It depends a bit on how you originally setup the 'ownership' in the first place. - if you have granted permissions to userA _on_ that very node, you can simply remove the entries and create new ones for the new owner. - if you have granted permissions to userA on a _parent_ node you can either fix the entries at the parent or add a denying entry at the target. - if permissions are inherited from other principals (e.g. through group membership) you can either 'fix' the set of principals that is add to the Subject upon login (e.g. through changes of group membership) or again through an explicit deny. Which variant (and there might be some more) is the best one, depends on your requirements. Also note that for modification of the permission setup your session not only requires regular write privileges but read/modify access control privileges.
See the Oak documentation for additional details in particular http://jackrabbit.apache.org/oak/docs/security/permission/evaluation.html You may also want to take a look at the oak-exercise module which comes with quite some training material for the default authorisation model. Hope that helps Angela On 13/02/18 18:36, "Marco Piovesana" <pioves...@esteco.com> wrote: >Hi all, >is it possible to change the owner of a node? What I'm trying to do is >move >a node created by userA from its original folder to another place. After >the node is moved I want to revoke all permission to userA on that node. > >Marco.