Hi Konrad There exists no automatic cleanup for access control entries bound to a specific principal or path.
If the tree where the policy is stored gets deleted (or any of it's parents for that matter) the policy node will be removed. This may or may not be the access-controlled tree where the policy (or it's entries) take effect (see JCR specification about the effect of access control policies). Alternatively, the policy itself can be removed using AccessControlManager#removePolicy. In other words: * you can have/define resource-based ACEs for non-existing principals * you can have/define principal-based ACEs for non-existing paths Hope that helps Angela ________________________________ From: Konrad Windszus <[email protected]> Sent: Friday, April 28, 2023 11:53 To: [email protected] <[email protected]> Subject: Referential Integrity of Access Control Policies Hi, How are access control policies supposed to behave in case the referenced principal or node path is deleted? Are they automatically cleaned up? They are automatically deleted whenever the parent node is being deleted (while for resource based ACLs this is expected and makes sense for principal ACLs this may sometimes lead to surprises). I would like to add a paragraph to both https://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html and https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html to document this, so I would appreciate some pointers. Thanks in advance, Konrad
