I have a node (of type nt:folder) where the below privileges are granted for the user "test".
jcr:primaryType = rep:GrantACE rep:privileges = ['jcr:modifyProperties','jcr:read','jcr:versionManagement']. Now I am able to create a child node (of type nt:folder) successfully with "test" user even though "test" user doesn't have the "jcr:addChildNodes" privilege. This "test" user also belong to "administrator" group and I believe this group has "jcr:all" privileges assigned to it. But based on my understanding, if ACEs are defined for USER principal they will take precedence over the group principals. So I am not sure how "test" user can successfully create a child node. Am I missing something here? -- View this message in context: http://jackrabbit.510166.n4.nabble.com/Group-membership-and-Privileges-tp4659561.html Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
