Hi Marco

Yeah... no, that's not how the default authorisation model works :-)

But obviously you would be able to write and deploy your own authorisation
model that just behaves as you expected it to work.
Some hints can be found at

I still didn't have time to write a dedicated training session for the
customize-authorization topic but it's on my TODOs.

Kind regards

On 14/02/18 10:37, "Marco Piovesana" <pioves...@esteco.com> wrote:

>Hi Angela,
>thanks for the answer. I thought (and I was wrong) that the user that
>created a node would have had complete control on it (and not just the
>permissions explicitly granted to him). That's why my question... thanks
>again for the clarification.
>On Wed, Feb 14, 2018 at 9:47 AM Angela Schreiber
>> Hi Marco
>> It depends a bit on how you originally setup the 'ownership' in the
>> place.
>> - if you have granted permissions to userA _on_ that very node, you can
>> simply remove the entries and create new ones for the new owner.
>> - if you have granted permissions to userA on a _parent_ node you can
>> either fix the entries at the parent or add a denying entry at the
>> - if permissions are inherited from other principals (e.g. through group
>> membership) you can either 'fix' the set of principals that is add to
>> Subject upon login (e.g. through changes of group membership) or again
>> through an explicit deny.
>> Which variant (and there might be some more) is the best one, depends on
>> your requirements.
>> Also note that for modification of the permission setup your session not
>> only requires regular write privileges but read/modify access control
>> privileges.
>> See the Oak documentation for additional details in particular
>> You may also want to take a look at the oak-exercise module which comes
>> with quite some training material for the default authorisation model.
>> Hope that helps
>> Angela
>> On 13/02/18 18:36, "Marco Piovesana" <pioves...@esteco.com> wrote:
>> >Hi all,
>> >is it possible to change the owner of a node? What I'm trying to do is
>> >move
>> >a node created by userA from its original folder to another place.
>> >the node is moved I want to revoke all permission to userA on that
>> >
>> >Marco.

Reply via email to