On 9/28/11 8:56 AM, bobofer wrote:
Thanks both Mark and Angela for your replay. I set DEV – jcr:write, USR – jcr:read and set ACEs in order USR,DEV. Same thing happens, the Tom has jcr:read privilege. No matter how I order ACEs(usr first then dev), they always seems to be reordered alphabetically(dev first then usr). Since we decide that we'll use only groups in our ACLs, I think that the solution for my problem will be that user can be present only in one group.
why that? the user can be in as many groups as you wish. for the ac-eval this means: if group a grants read permission and group b denies it the order of ac-entries is relevant for the result. similarly if the ace for group a is inherited, the ace defined at the targetnode itself will win... i don't see any problem here. angela
-- View this message in context: http://jackrabbit.510166.n4.nabble.com/AccessControlManagerget-Privileges-path-method-problem-tp3790533p3850157.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
