hi chad
in order to execute version operations a principal must
have jcr:versionManagement privilege [1] on the corresponding
versionable node.
note however, that this only covers the execution. reading
version related content is controlled by regular read permissions.
one more thing to be aware of: version operations such as checkin
also require read-access to the corresponding part of the version
storage. this is rather cumbersome and covered by an jira issue [2]
hope that helps
angela
[1]
http://www.day.com/maven/jsr170/javadocs/jcr-2.0/javax/jcr/security/Privilege.html#JCR_VERSION_MANAGEMENT
[2] https://issues.apache.org/jira/browse/JCR-2963
On 7/25/11 10:12 PM, ChadDavis wrote:
I'm using ACL's to control access to subtrees. This works great, but
I noticed that now my version control stuff fails because it doesn't
have the proper access. I can get this to work, but I can't really
decide what the best way of addressing this is.
1) when I create my Jackrabbit users ( I'm using the jackrabbit user
management extensions ), their content subtrees and the associated
ACL's, I could attempt to also attach an ACL for that user to the
version control tree. This, however, strikes me as a bit odd, and
perhaps unwieldy.
OR
2) I can simply user a repo-wide admin user, who has access to
everything, do these actions.
How do other folks handle this? Thoughts?
