hi
So my conclusion with the first structure example is: "someuser" can remove any child of node /templates/templateall but not the node itself, is necesary to provide jcr:removeChildNodes acess no /templates to be able to do that. Is my conclusion correct?
yes that's correct. see JSR 283 section 16.2.3 Standard Privileges: "• jcr:removeChildNodes: The privilege to remove child nodes of a node. In order to actually remove a node requires jcr:removeNode on that node and jcr:removeChildNodes on the parent node. The distinction is provided in order to distinguish implementations that internally model a “remove” as a “delete” from those that model it as an “unlink”. A repository that uses the “delete” model can have jcr:removeChildNodes in every access control policy, so that removal is effectively controlled by jcr:removeNode. Conversely, a repository that uses the “unlink” model can have jcr:removeNode in every access control policy." hope that helps angela
Thanks!! -- View this message in context: http://jackrabbit.510166.n4.nabble.com/AccessControll-tp4604580.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
