adamcin commented on PR #1094: URL: https://github.com/apache/jackrabbit-oak/pull/1094#issuecomment-1745396023
@anchela That's unfortunate. I guess the issue is with a new PrivilegeBits constant not being able to reflect the value of `next` in an existing privilege tree that is being upgraded, which probably would mean, for example, that upon upgrade, `rep:insecureQueryOptions` would have the same bit position as `crx:replicate`, and there would either be an error on startup, or there would just be a silent failure to treat them as distinct permissions. https://github.com/apache/jackrabbit-oak/blob/320df1f83d0580b65aa61e95e81494f973fcdf7d/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java#L55-L59 Since this approach would likely work if it were defined as a custom privilege, such as `crx:insecureQueryOptions`, I can try reverting the changes under `oak-security-spi` and make the privilege name a configuration option in `QueryEngineSettingsMBean`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@jackrabbit.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org