hi shabeer >So with jackrabbit core, how can I restrict access privilege to path >against >user principal, if not using "rep:glob" restriction pattern?
with jackrabbit-core you can only use the rep:glob restriction to limit the effect of a given ACE to those paths that match the specified globbing pattern. since the permission evaluation in jackrabbit core is by path it doesn't distinguish properties and nodes. in other words: the globbing pattern will only be useful if you follow some name convention that can then be covered by the globbing... there is no way to specifically grant read access to properties or nodes only. as of oak 1.0 it's slightly different: - jcr:read is an aggregation of rep:readNodes and rep:readProperties - permission evaluation is item base (node/property) and not path based - oak provides a low level extension point for restrictions and you can plug your custom restrictions at runtime. kind regards angela >"rep:glob" with ""(empty string) restriction provides access to read node >path and not its properties makes me puzzled. > > > >Thanks, >Shabeer. > > > >-- >View this message in context: >http://jackrabbit.510166.n4.nabble.com/Unable-to-access-node-properties-tp >4661416p4661419.html >Sent from the Jackrabbit - Dev mailing list archive at Nabble.com.
