Hi Anjan, I don't really see how the ACL is setup. can you export a JSON dump of the respective rep:policy node? everyone does not have a special priority, the order of the ACEs is important.
regards, toby On Thu, Dec 12, 2013 at 2:32 AM, anjan <poliset...@gmail.com> wrote: > To further update, here are the permissions I see for the "child" folder. > > {"Managers":{"principal":"Managers","granted":["jcr:read"],"order":0},"everyone":{"principal":"everyone","granted":["jcr:readAccessControl","jcr:removeChildNodes"],*"denied":["jcr:read"]*,"order":1},"administrators":{"principal":"administrators","granted":["jcr:all"],"order":2}} > > Please note that on the "child" folder "everyone" is having "jcr:read" > denied privilege (bold above). > > After some debugging, I noticed that because of this deny access on > "everyone" principal, "test" user cannot see "child" folder. Since "test" > user belongs to "Managers" group and this group has "jcr:read" privilege, I > thought "test" user will see this folder. But it is not the case. > > Does this mean that "everyone" takes precedence in all the scenarios > irrespective of the order of ACEs? Can anyone clarify. > > > > -- > View this message in context: > http://jackrabbit.510166.n4.nabble.com/Group-membership-is-not-honoured-tp4660059p4660063.html > Sent from the Jackrabbit - Users mailing list archive at Nabble.com.