[ https://issues.apache.org/jira/browse/SLING-10070?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Pauls updated SLING-10070: ------------------------------- Fix Version/s: Content-Package to Feature Model Converter 1.0.26 > Option to enforce principal-based authorization > ----------------------------------------------- > > Key: SLING-10070 > URL: https://issues.apache.org/jira/browse/SLING-10070 > Project: Sling > Issue Type: New Feature > Components: Content-Package to Feature Model Converter > Reporter: Angela Schreiber > Priority: Major > Fix For: Content-Package to Feature Model Converter 1.0.26 > > > while addressing SLING-9692 an configuration for enforcing principal-based > authorization upon content package conversion was introduced. however, > [~karlpauls] and myself discussed the impact of the forced migration and > found that some additional verification might be needed: > in the following cases the forced conversion to principal-based is needed > - service-mapping in the format {{bundle.subservice=[userfromcontentpackage, > built-in-with-principal-based-authorization]}} will require the > _userfromcontentpackage_ to be installed with prinicipal-based ac setup if > the built-in user no longer has resource-based ac setup defined > in the following case however it is not desirable > - service-mapping in the format {{bundle.subservice=userfromcontentpackage}} > -> service login will resolve group membership (group principals not > supported by principal-based authorization. see oak documentation and > exercises for details) > in the following cases it is not required but is likely beneficial given that > ultimately all service user permissions should be defined with > principal-based access control setup > - service-mapping in the format > {{bundle.subservice=[userfromcontentpackage]}} > - service-mapping in the format {{bundle.subservice=[userfromcontentpackage, > anotheruserfromcontentpackage]}} -- This message was sent by Atlassian Jira (v8.3.4#803005)