Description
For situations where an authorizable node may be distributed from another environment where a different rep:principalPolicy for the user is defined than exists for that user in the target environment, it is important that the existing rep:principalPolicy be preserved when acHandling is unset, acHandling=IGNORE, or acHandling=MERGE_PRESERVE.
Currently, the effective behavior of such a package install, as it appears to be implemented in DocViewImporter, results in the following:
- If the package specifies acHandling=IGNORE, the existing rep:principalPolicy is deleted without replacement, regardless of whether the package contains its own rep:principalPolicy, which is equivalent to acHandling=CLEAR
- If the package specifies acHandling=MERGE_PRESERVE or MERGE, the existing rep:principalPolicy is replaced with whatever rep:principalPolicy is contained in the package, or deletes the policy if a replacement is not present, which is equivalent to acHandling=OVERWRITE
Unexpectedly, the least destructive (and most default) acHandling mode (IGNORE) turns out to be as destructive to packaged system user permissions as choosing any other mode.
Attachments
Issue Links
- breaks
-
JCRVLT-721 Importing content packages with minimum permissions fails
-
- Closed
-
- links to