Description
When installing a content package with AccessControlHandling overwrite access control entries contained in a given list are grouped by principal and ultimately imported with a different order that originally defined in the package.
This alters the effective permissions for those {{Subject}}s that contain the principals for which the ACEs got imported.
Example:
1. grant group1 read at /testroot
2. deny group2 read at specific subset of items within the tree defined by /testroot
3. grant group1 read/write at specific subset of items within the tree defined by /testroot
The ACL resulting from the package import will contain the entries in the following order: 1, 3, 2.
Attachments
Attachments
Issue Links
- is blocked by
-
JCRVLT-296 Test coverage for access control import
- Closed
- is related to
-
JCRVLT-293 Failing tests when building vault-core with -Doak=true
- Closed