Hello Angela, thank you very much for your response.
I tried to follow your recommendation, but I still have issues.
What I am trying to do is (behavior that I am trying to achieve):
- Create user "someuser"
- Create /agb:Templates/agb:TemplateRead and /agb:Templates/agb:TemplateAll
nodes.
- User "someuser" should be able to delete & modify the agb:TemplateAll node.
- User "someuser" should be able to just read (not delete, not update) the
agb:TemplateRead node.
In order to do that I created the structure below, but with this
structure "someuser" is able to delete
/agb:Templates/agb:TemplateRead/agb:DatatypeProperties. This is expected
behavior due to the jcr:removeChildNodes added on /agb:Templates, but it is
not desired according to my goal. I cannot remove jcr:removeChildNodes from
/agb:Templates because I need it in order to be able to delete
/agb:Templates/agb:TemplateAll and the nodes below it.
What I think I can do to reach my goal is to add a "deny jcr:removeChildNodes"
Jackrabbit access on /agb:Templates/agb:TemplateRead. Thinking of more users
and nodes, I think it is not the best thing to do. Can you think of any other
approach that I can try to achieve the behavior that I want?
Hope you can help me and again thank you very much.
/agb:Templates[
jcr:mixinTypes: rep:AccessControllable,
agb:label: Templates
jcr:primaryType: nt:unstructured
/agb:Templates/rep:policy[
jcr:primaryType: rep:ACL
/agb:Templates/rep:policy/allow[
rep:privileges: jcr:removeChildNodes,
jcr:readAccessControl,
rep:principalName: someuser
jcr:primaryType: rep:GrantACE
/agb:Templates/agb:TemplateRead[
jcr:uuid: 8cf35f57-c8fa-4efd-ab4f-26b8eb5baf51
jcr:mixinTypes: mix:referenceable, rep:AccessControllable,
agb:label: template read
jcr:primaryType: nt:unstructured
/agb:Templates/agb:TemplateRead/rep:policy[
jcr:primaryType: rep:ACL
/agb:Templates/agb:TemplateRead/rep:policy/allow[
rep:privileges: jcr:read,
jcr:readAccessControl,
rep:principalName: someuser
jcr:primaryType: rep:GrantACE
/agb:Templates/agb:TemplateRead/agb:DatatypeProperties [
agb:label: DatatypeProperties
jcr:primaryType: nt:unstructured
/agb:Templates/agb:TemplateRead/agb:ObjectProperties[
agb:label: ObjectProperties
jcr:primaryType: nt:unstructured
/agb:Templates/agb:TemplateAll[
jcr:uuid: f3d65b65-110e-4e45-98f1-97fe727113f9
jcr:mixinTypes: mix:referenceable, rep:AccessControllable,
agb:label: template all
jcr:primaryType: nt:unstructured
/agb:Templates/agb:TemplateAll/rep:policy[
jcr:primaryType: rep:ACL
/agb:Templates/agb:TemplateAll/rep:policy/allow[
rep:privileges: jcr:all,
rep:principalName: someuser
jcr:primaryType: rep:GrantACE
/agb:Templates/agb:TemplateAll/agb:DatatypeProperties[
agb:label: DatatypeProperties
jcr:primaryType: nt:unstructured
/agb:Templates/agb:TemplateAll/agb:ObjectProperties[
agb:label: ObjectProperties
jcr:primaryType: nt:unstructured
--
View this message in context:
http://jackrabbit.510166.n4.nabble.com/AccessControll-tp4604580p4606411.html
Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
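
The "deny jcr:removeChildNodes" entry the message proposes for /agb:Templates/agb:TemplateRead, written against the JCR 2.0 and Jackrabbit API. This is an added example, not code from the original post; the class and method names are hypothetical, and it assumes a session that is allowed to modify access control plus a second session logged in as the restricted user for the check.

```java
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;

// Hypothetical helper class, not part of Jackrabbit.
public final class DenyChildRemoval {

    /** Adds a deny entry for jcr:removeChildNodes to the ACL already bound at path. */
    public static void denyRemoveChildNodes(Session admin, String path, String userId)
            throws RepositoryException {
        AccessControlManager acm = admin.getAccessControlManager();
        Principal principal =
                ((JackrabbitSession) admin).getPrincipalManager().getPrincipal(userId);
        if (principal == null) {
            throw new RepositoryException("unknown principal: " + userId);
        }
        Privilege[] denied = { acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES) };

        // The node in the dump is already rep:AccessControllable, so its rep:ACL
        // is returned by getPolicies() rather than getApplicablePolicies().
        for (AccessControlPolicy policy : acm.getPolicies(path)) {
            if (policy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                acl.addEntry(principal, denied, false); // false = deny entry
                acm.setPolicy(path, acl);
                admin.save();
                return;
            }
        }
        throw new RepositoryException("no ACL bound at " + path);
    }

    /** Call with a session logged in as the restricted user to confirm the result. */
    public static boolean canRemoveChildren(Session user, String path)
            throws RepositoryException {
        AccessControlManager acm = user.getAccessControlManager();
        return acm.hasPrivileges(path,
                new Privilege[] { acm.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES) });
    }
}
```

After calling `denyRemoveChildNodes(admin, "/agb:Templates/agb:TemplateRead", "someuser")`, check with a "someuser" session that `canRemoveChildren` returns false for /agb:Templates/agb:TemplateRead and still true for /agb:Templates/agb:TemplateAll.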