[ https://issues.apache.org/jira/browse/SLING-9953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17241502#comment-17241502 ]
Angela Schreiber commented on SLING-9953:
-----------------------------------------

[~dsuess], service users by default don't have any access control setup created upon user-creation in the user manager (the corresponding action ignores service users). however, some service users actually do need some sort of access to their home (read or write or full access), because of the nature of the tasks the corresponding service is performing. it has nothing to do with login.....

> ACEs on/below user nodes are ignored upon conversion
> ----------------------------------------------------
>
>                 Key: SLING-9953
>                 URL: https://issues.apache.org/jira/browse/SLING-9953
>             Project: Sling
>          Issue Type: Bug
>          Components: Content-Package to Feature Model Converter
>            Reporter: Angela Schreiber
>            Priority: Critical
>
> I had a look at the cp-feature-model-converter in the light of SLING-9692 and
> found a surprising comment pointing to SLING-8561:
> {code}
> // clean the unneeded ACLs, see SLING-8561
> {code}
> code here:
> https://github.com/apache/sling-org-apache-sling-feature-cpconverter/blob/master/src/main/java/org/apache/sling/feature/cpconverter/acl/DefaultAclManager.java#L146-L153
> what it does in fact is omit any kind of permission setup that is defined for
> the service users home node. that's quite a serious bug IMHO.... and on top
> of that unnecessary because Sling repo-init allows to define those kind of
> ACEs using the home(userid) notation (see
> https://sling.apache.org/documentation/bundles/repository-initialization.html)
> and btw: what does _unneeded ACLs_ mean? they are for sure not 'unneeded' and
> omitting them will essentially result in an invalid permission setup (and
> thus break the feature using the service login).
> cc: [~cziegeler], [~karlpauls], [~dsuess]

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
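The difference the issue describes, as an added example that is not part of the comment above and is not code from the cp-feature-model-converter: entries at or below a service user's home are either dropped or rewritten to the repo-init `home(userid)` notation. The user id, home path, ACE tuples and function names are constructed for illustration, and appending a relative path after `home(userid)` is an assumption about the repo-init syntax.

```python
# Added illustration; not code from sling-org-apache-sling-feature-cpconverter.

# Constructed sample data: service user id mapped to a hypothetical home path.
SERVICE_USER_HOMES = {"my-service": "/home/users/system/my-feature/my-service"}

# Constructed ACEs as (principal, is_allow, privileges, repository path).
ACES = [
    ("my-service", True, "jcr:read", "/content/my-feature"),
    ("my-service", True, "jcr:all", "/home/users/system/my-feature/my-service"),
    ("my-service", True, "rep:write", "/home/users/system/my-feature/my-service/data"),
]


def owner_of(path, homes):
    """Return (user_id, sub_path) if path is at or below a service user home."""
    for user_id, home in homes.items():
        # Compare on a path boundary so ".../my-service2" is not a match.
        if path == home or path.startswith(home + "/"):
            return user_id, path[len(home):]
    return None


def dropped(aces, homes):
    """ACEs that a 'skip everything under the user home' filter would lose."""
    return [ace for ace in aces if owner_of(ace[3], homes)]


def to_repoinit(aces, homes, keep_home_aces=True):
    """Render ACEs as repo-init 'set ACL for' blocks.

    keep_home_aces=False reproduces the reported behaviour (home ACEs omitted);
    True keeps them by rewriting the path to the home(userid) notation.
    """
    blocks = {}
    for principal, is_allow, privileges, path in aces:
        hit = owner_of(path, homes)
        if hit:
            if not keep_home_aces:
                continue
            # Assumption: a relative path may follow home(userid).
            path = "home(%s)%s" % hit
        verb = "allow" if is_allow else "deny"
        blocks.setdefault(principal, []).append(
            "    %s %s on %s" % (verb, privileges, path))
    out = []
    for principal, lines in blocks.items():
        out += ["set ACL for " + principal] + lines + ["end"]
    return "\n".join(out)
```

Comparing `dropped(ACES, SERVICE_USER_HOMES)` against the converter's output is a quick way to see which permissions a converted feature would be missing.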