Hi Oliver

Thanks for the fast reply. Can I ask the exact same set of questions about default jcr:read access for everyone on /content? Is that required?

Cris Rockwell
Applications Architect Sr
College of Literature, Science, and the Arts | University of Michigan
LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor, MI I 48109
Desk: 734.763.6818 | Email: cmroc...@umich.edu

> On Mar 11, 2020, at 3:05 PM, Oliver Lietz <apa...@oliverlietz.de> wrote:
>
> On Wednesday, March 11, 2020 6:50:51 PM CET Cris Rockwell wrote:
>> Hello Sling Users
>
> Hi Cris,
>
>> When I launch Sling, there is an ACL for jcr:read for the everyone
>> 'principal' on jcr:root, as described in the repoinit.txt
>> http://archive.apache.org/dist/sling/org.apache.sling.launchpad-9.jar
>>
>> I have found these resources:
>>
>> http://apache-sling.73963.n3.nabble.com/Principal-quot-everyone-quot-is-not-clear-td4078544.html
>> https://jackrabbit.apache.org/oak/docs/security/user/membership.html
>>
>> But I still have questions:
>> * Why is everyone by default granted jcr:read access to the whole repository?
>> * If you wanted to control access, isn’t it better to whitelist (i.e. grant) instead of deny?
>> * If the everyone ACL jcr:read rule was deleted from root, what problems should be expected?
>
> That was changed several years ago already, see SLING-6130 and current setup:
>
> https://github.com/apache/sling-org-apache-sling-starter/blob/master/src/main/provisioning/repoinit.txt
>
> Regards,
> O.
>
>> Many thanks!
>> Cris Rockwell
>> Applications Architect Sr
>> College of Literature, Science, and the Arts | University of Michigan
>> LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor,
>> MI I 48109 Desk: 734.763.6818 | Email: cmroc...@umich.edu