[
https://issues.apache.org/jira/browse/OAK-3457?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Davide Giannella closed OAK-3457.
---------------------------------
Bulk close for 1.3.8
> Multivalued restriction to limit effect of ACE to items with a given name
> -------------------------------------------------------------------------
>
> Key: OAK-3457
> URL: https://issues.apache.org/jira/browse/OAK-3457
> Project: Jackrabbit Oak
> Issue Type: New Feature
> Components: core
> Reporter: angela
> Assignee: angela
> Priority: Minor
> Fix For: 1.3.8
>
>
> with the current wildcard-based glob restriction it's not possible to limit
> the effect of a single ACE to properties or nodes matching a given set of
> names.
> examples:
> - grant rep:readProperties privilege for properties named jcr:primaryType or
> jcr:mixinTypes (i.e. only default properties present with all jcr nodes such
> as defined by nt:base)
> - grant rep:userManagement privilege only for items named rep:members (i.e.
> limit the effect that only members can be added or removed but other kind of
> user management action is denied)
> - deny creation of child nodes named 'jcr:content' or 'content' or
> 'rep:content' or 'my:content'
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
