angela created OAK-3457:
---------------------------
Summary: Multivalued restriction to limit effect of ACE to items
with a given name
Key: OAK-3457
URL: https://issues.apache.org/jira/browse/OAK-3457
Project: Jackrabbit Oak
Issue Type: New Feature
Components: core
Reporter: angela
Assignee: angela
Priority: Minor
Fix For: 1.3.8
with the current wildcard-based glob restriction it's not possible to limit the
effect of a single ACE to properties or nodes matching a given set of names.
examples:
- grant rep:readProperties privilege for properties named jcr:primaryType or
jcr:mixinTypes (i.e. only default properties present with all jcr nodes such as
defined by nt:base)
- grant rep:userManagement privilege only for items named rep:members (i.e.
limit the effect that only members can be added or removed but other kind of
user management action is denied)
- deny creation of child nodes named 'jcr:content' or 'content' or
'rep:content' or 'my:content'
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
