hi husain
Another one. I created a user using UserManager and have a blank ACL in the repository.
the acls reside in a workspace an not the whole repository... not sure what you mean.
That is there are no ACE for the uesr. However, the user still has complete access to the repository. Is that the default policy? How can I change that? I am using Principal based ACLProvider.
what are the permissions granted to the everyone group? if i remember correctly the default setup grants jcr:read privilege to everyone. this can be turned off by setting the omit-default-permission parameter in the ac-provider configuration. (if the ace has already been created before you need to remove it using the API). is this what you are looking for? angela
