hi husain
What does the rep:glob stands for and how does it affects the permissions?
the default ACL (without the rep:glob restriction) effects the whole
subtree defined by the target node. the optional rep:glob restriction
allows you to limit the effect to certain items in that subtree
without having the create a separate policy at every single location
that matches.
the matching is similar to the one defined by Node.getNodes(String[]),
except that it works for paths an not only for names.
examples for a path /foo without and with rep:glob restriction:
-----------------------------------------------------------------------------
rep:glob | Matches
-----------------------------------------------------------------------------
|
null | matches /foo and all its children
|
-----------------------------------------------------------------------------
|
"" | matches /foo only
* | siblings of foo and foo's and the siblings' descendants
/*cat | all children of /foo whose path ends with "cat"
/*/cat | all non-direct descendants of /foo named "cat"
/cat* | all descendant path of /foo that have the direct
foo-descendant segment starting with "cat"
*cat | all siblings and descendants of foo that have a
name ending with cat
*/cat | all descendants of /foo and foo's siblings that have
a name segment "cat"
cat/* | all descendants of '/foocat'
/cat/* | all descendants of '/foo/cat'
*cat/* | all descendants of /foo that have an intermediate
| segment ending with 'cat'
|
-----------------------------------------------------------------------------
please not that this restriction does not distinguish between child
nodes and properties of a node as it performs a simplistic path-matching.
regards
angela
