[SLING-7061] Access control setup of repository-level permissions (i.e. null path) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Repoinit Parser 1.1.0
Fix Version/s: Repoinit Parser 1.2.0, Repoinit JCR 1.1.6
Component/s: Repoinit
Labels:
- Sling-10-ReleaseNotes

Description

If I am not mistaken it is currently not possible to create access control setup for principals at the 'null' path, which according to JSR 283 is to be used to setup repository level permissions such as

node type definition management (i.e. registering new node types)
namespace management (i.e. registering new namespaces)
privilege management (i.e. registering new privileges)
workspace management (i.e. creating/removing workspaces)

All of these operations are not bound to a path (like e.g. removing an item or creating a new version for a given node) but instead take global effect on the whole JCR repository... that's why permissions for these operations cannot be granted at a given path.

In the default authorization model shipped with Jackrabbit and Oak the ~~null~~ path access control policy is stored with a dedicated rep:repoPolicy node located with the root node and

For service user definitions we need to be able to define entries for the ~~null~~ path policy for the reasons explained above. Thanks for extending the repo-init accordingly.

Attachments

Activity

People

Assignee:: Timothee Maret

Reporter:: Angela Schreiber

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 18/Aug/17 08:00

Updated:: 03/Feb/18 13:08

Resolved:: 19/Sep/17 09:15