Hello all, I have a very big problem regarding privileges. Can someone give me an url or some documentation about how the privileges are applied in Jackarabbit. Right now I'm having problems regarding this specific matter:
Privileges on Root (/): ----------------------------------------------- allow -> administrators: jcr:all allow -> All Users: jcr:read allow -> adminOnRoot: jcr:read, jcr:notifyOnChange, rep:write, jcr:readAccessControl, jcr:modifyAccessControl, jcr:versionManagement, jcr:lockManagement, jcr:retentionManagement ----------------------------------------------- Privileges on an intermediary node (/categoryOne) This node is not access controllable Privileges on my document (/categoryOne/MyDocument) [node that I want to delete]: ----------------------------------------------- allow -> All Users: jcr:read allow -> user01: jcr:read, jcr:removeChildNodes, jcr:removeNode, jcr:readAccessControl, jcr:modifyAccessControl, jcr:versionManagement, jcr:lockManagement deny -> adminOnRoot: jcr:notifyOnChange, jcr:modifyProperties, jcr:removeChildNodes, jcr:removeNode, jcr:readAccessControl, jcr:modifyAccessControl, jcr:versionManagement, jcr:lockManagement ----------------------------------------------- I'm logged in Jackrabbit with user01, (user01 belongs only to All Users). When I try to delete /categoryOne/MyDocument I get an "access denied exception!". If I add jcr:modifyProperties to user01's allow ACE(on node /categoryOne/MyDocument) and add the user01 to adminOnRoot group then i can delete the node. This is weird ! Can anyone explain why is this happening, or which is the normal flow and logic behind evaluating privileges in Jackarabbit ? Many thanks ! Dan
