Hello Toby, On Tue, Jul 27, 2010 at 11:01 PM, Tobias Bocanegra <[email protected]> wrote: > hi, > > On Mon, Jul 26, 2010 at 1:12 PM, Ard Schrijvers > <[email protected]> wrote: >> Hello, >> >> From the spec jsr-283 I cannot get my head around one thing: >> >> * What is the expected behaviour of modifying child nodes of shared >> nodes, when you are not allowed to read the child nodes of one of the >> shared nodes (because of some access path constraint for example). > i'm not sure how exactly it is implemented currently, but for resource > based access control, i think that only the primary ancestors inherit > the ACLs. > so the ACL of a shared set is the one of the primary node. for user > centric access control, it's of course path based.
The ambiguity with the ACL based on the primary ancestor, is that through the shared set, you could change a descendant shared node in a complete different part of the tree, which you are not allowed to read.. OTOH, perhaps it makes perfect sense: I assume it works the same for symlinks Thx Toby Regards Ard > > regards, toby >
