Hi Angela, thanks for the answer. I thought (and I was wrong) that the user that created a node would have had complete control on it (and not just the permissions explicitly granted to him). That's why my question... thanks again for the clarification.
Marco. On Wed, Feb 14, 2018 at 9:47 AM Angela Schreiber <anch...@adobe.com.invalid> wrote: > Hi Marco > > It depends a bit on how you originally setup the 'ownership' in the first > place. > - if you have granted permissions to userA _on_ that very node, you can > simply remove the entries and create new ones for the new owner. > - if you have granted permissions to userA on a _parent_ node you can > either fix the entries at the parent or add a denying entry at the target. > - if permissions are inherited from other principals (e.g. through group > membership) you can either 'fix' the set of principals that is add to the > Subject upon login (e.g. through changes of group membership) or again > through an explicit deny. > Which variant (and there might be some more) is the best one, depends on > your requirements. > Also note that for modification of the permission setup your session not > only requires regular write privileges but read/modify access control > privileges. > > See the Oak documentation for additional details in particular > http://jackrabbit.apache.org/oak/docs/security/permission/evaluation.html > You may also want to take a look at the oak-exercise module which comes > with quite some training material for the default authorisation model. > > Hope that helps > Angela > > > On 13/02/18 18:36, "Marco Piovesana" <pioves...@esteco.com> wrote: > > >Hi all, > >is it possible to change the owner of a node? What I'm trying to do is > >move > >a node created by userA from its original folder to another place. After > >the node is moved I want to revoke all permission to userA on that node. > > > >Marco. > >