[ https://issues.apache.org/jira/browse/SLING-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15083209#comment-15083209 ]
Rob Ryan commented on SLING-5355: --------------------------------- Anyone who can change a config can make any or all users 'admin' anyway... Oak has an OSGI configuration listing which users are admin. > Create service users and ACLs from the provisioning model > --------------------------------------------------------- > > Key: SLING-5355 > URL: https://issues.apache.org/jira/browse/SLING-5355 > Project: Sling > Issue Type: New Feature > Components: Service User Mapper > Reporter: Bertrand Delacretaz > Assignee: Bertrand Delacretaz > > As discussed in the "Removing loginAdministrative, how to test that, and > service username conventions" thread on our dev list [1] we need to be able > to create service users and set the corresponding ACLs from our provisioning > model. > This should be implemented using distinct utility classes, one for the users > and one for the ACLs, that take simple mini-languages as input. This will > allow for reusing these utilities in test code for example. > I have made a suggestion for those mini languages in that thread, will copy > them here once we agree. > [1] http://markmail.org/message/kcvuhwfdald2dyuz > *Edit: additional contraints* > * Waiting for content paths: not all ACLs can be applied immediately when the > SlingRepository service starts: for this we'd need to create paths that don't > exist yet, and the nodetypes of those paths might not have been defined yet, > as any bundle can supply additional node types. This means waiting for the > path creation to succeed before proceeding, so we might as well wait for the > paths to be created by content installations -- This message was sent by Atlassian JIRA (v6.3.4#6332)