[
https://issues.apache.org/jira/browse/JCR-2937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13019897#comment-13019897
]
angela commented on JCR-2937:
-----------------------------
the properties get the permission inherited from the node unless there is a
restriction matching specifically.
the jcr:read privilege currently is in our implementation not aggregated and
thus does not allow to distinguish between different types of items.
in other word: reading the node includes readability of it's property with the
only exception that the jackrabbit extensions are used and the read access is
narrowed by a pattern that only matches a subset of items (nodes or properties)
> ACL with glob restrictions does not work on '/'
> -----------------------------------------------
>
> Key: JCR-2937
> URL: https://issues.apache.org/jira/browse/JCR-2937
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Components: security
> Affects Versions: 2.3.0
> Reporter: Tobias Bocanegra
> Assignee: angela
>
> i tried to define a ACL on '/' that would allow 'read' on '/' itself, but not
> for the nodes underneath. i tried "*", "/*", "./*" but none of them seem to
> do the desired effect.
> eg:
> everyone,allow,jcr:read, '/'
> everyone,deny,jcr:read, '/', glob="/*"
> the same works for a non-root node.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
