On Wednesday, March 11, 2020 6:50:51 PM CET Cris Rockwell wrote:
> Hello Sling Users

Hi Cris,

> When I launch Sling, there is an ACL for jcr:read for the everyone
> 'principal' on jcr:root, as described in the repoinit.txt
> http://archive.apache.org/dist/sling/org.apache.sling.launchpad-9.jar
>
> I have found these resources:
>
> http://apache-sling.73963.n3.nabble.com/Principal-quot-everyone-quot-is-not-clear-td4078544.html
> https://jackrabbit.apache.org/oak/docs/security/user/membership.html
>
> But I still have questions:
> * Why is everyone by default granted jcr:read access to the whole
>   repository?
> * If you wanted to control access, isn’t it better to whitelist
>   (i.e. grant) instead of deny?
> * If the everyone ACL jcr:read rule was deleted from root, what problems
>   should be expected?

That was changed several years ago already, see SLING-6130 and current setup:
https://github.com/apache/sling-org-apache-sling-starter/blob/master/src/main/provisioning/repoinit.txt

Regards,
O.

> Many thanks!
> Cris Rockwell
> Applications Architect Sr
> College of Literature, Science, and the Arts | University of Michigan
> LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor,
> MI I 48109 Desk: 734.763.6818 | Email: cmroc...@umich.edu
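
An added example, not part of the thread or of Sling's own code: a small Python audit that lists every `allow` rule a repoinit script gives the `everyone` principal, which shows whether a setup still grants `jcr:read` on `/`. The sample script and the `sling-readers` principal are constructed for illustration; only the two plain `set ACL for ...` / `set ACL on ...` forms are handled, and restriction clauses are ignored.

```python
import re

# Constructed repoinit sample (not the Sling Starter's actual file).
SAMPLE = """\
create path /content
set ACL for everyone
    allow jcr:read on /
end
set ACL on /content
    allow jcr:read for everyone
    deny jcr:write for everyone
end
# hypothetical group used only for this example
set ACL for sling-readers
    allow jcr:read on /
end
"""

HEADER = re.compile(r"set\s+ACL\s+(for|on)\s+(.+)$")
RULE = re.compile(r"(allow|deny)\s+(.+?)\s+(on|for)\s+(.+)$")
TRAILER = re.compile(r"\s+(restriction\(|nodetypes\s).*$")  # ignored here

def split_list(text):
    # Comma-separated names; keep the first token to drop trailing options.
    return [t.split()[0] for t in text.split(",") if t.strip()]

def everyone_grants(repoinit, principal="everyone"):
    """Return (path, privilege) for each allow rule that names `principal`."""
    findings, kind, subjects = [], None, []
    for raw in repoinit.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = HEADER.match(line)
        if head:
            kind, subjects = head.group(1), split_list(head.group(2))
        elif line == "end":
            kind = None
        elif kind:
            rule = RULE.match(TRAILER.sub("", line))
            if not rule or rule.group(1) != "allow":
                continue
            privileges, targets = split_list(rule.group(2)), split_list(rule.group(4))
            # "set ACL for P" lists paths in rules; "set ACL on /p" lists principals.
            principals, paths = (subjects, targets) if kind == "for" else (targets, subjects)
            if principal in principals:
                findings += [(p, priv) for p in paths for priv in privileges]
    return findings

if __name__ == "__main__":
    for path, privilege in everyone_grants(SAMPLE):
        print(f"everyone: allow {privilege} on {path}")
```

A finding whose path is `/` is the repository-wide read grant the question asks about; running the same function with another principal name shows what would still have access once that rule is removed.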