[jira] [Comment Edited] (SLING-9692) Add support for principal-based access control entries

Thu, 12 Nov 2020 01:18:09 -0800 


    [ 
https://issues.apache.org/jira/browse/SLING-9692?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17230471#comment-17230471
 ] 

Angela Schreiber edited comment on SLING-9692 at 11/12/20, 9:17 AM:
--------------------------------------------------------------------

[~rombert], [~dsuess], IMHO the issue should be 2-fold:
 - if content packages contain principal-based access control policies the 
converter should recognize them and generate the correct repoinit statements: 
i.e. policy nodes that have primary type {{rep:PrincipalPolicy}} should be 
converted to repo-init statement {{set principal ACL for principalName [...]}}. 
note that Jackrabbit fVault has been adjusted to support principal-based 
policies in content packages, so those might actually show up.
 - second there should be an option to convert resource-based access control 
setup for service users as defined in the content packages to principal-based 
access control setup in repo-init:
 ** make sure service users are created below the supported location
 ** generate principal-based access control statements instead of 
resource-based ac
 ** note: in contrast to resource-based access control the target nodes where 
the entries will take effect are not required to exist at the time the ac setup 
is defined.


was (Author: anchela):
[~rombert], [~dsuess], IMHO the issue should be 2-folded:
 - if content packages contain principal-based access control policies the 
converter should recognize them and generate the correct repoinit statements: 
i.e. policy nodes that have primary type {{rep:PrincipalPolicy}} should be 
converted to repo-init statement {{set principal ACL for principalName [...]}}. 
note that Jackrabbit fVault has been adjusted to support principal-based 
policies in content packages, so those might actually show up.
 - second there should be an option to convert resource-based access control 
setup for service users as defined in the content packages to principal-based 
access control setup in repo-init:
 ** make sure service users are created below the supported location
 ** generate principal-based access control statements instead of 
resource-based ac
 ** note: in contrast to resource-based access control the target nodes where 
the entries will take effect are not required to exist at the time the ac setup 
is defined.

> Add support for principal-based access control entries
> ------------------------------------------------------
>
>                 Key: SLING-9692
>                 URL: https://issues.apache.org/jira/browse/SLING-9692
>             Project: Sling
>          Issue Type: Improvement
>          Components: Content-Package to Feature Model Converter
>            Reporter: Robert Munteanu
>            Priority: Major
>             Fix For: Content-Package to Feature Model Converter 1.1.2
>
>
> When passed a content package that contains principal-based access control 
> entries, the converter ignores them. It should instead generate the proper 
> repoinit statements.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to