[jira] [Commented] (SLING-5848) Define service user and ACLs for Scripting

Fri, 29 Jul 2016 00:58:46 -0700 

    [ 
https://issues.apache.org/jira/browse/SLING-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15398913#comment-15398913
 ] 

angela commented on SLING-5848:
-------------------------------

what looks like a hash to you is a random node name being generated by 
{{RandomAuthorizableNodeName}}, which is just one possible implementation of 
the {{AuthorizableNodeName}} interface.

to answer your question: what ever {{AuthorizableNodeName}} implementation is 
configured with the default user management implementation in Oak will be used 
to create the user/group node. you should not rely on a given implementation as 
this may change at runtime.
so, whenever you create a user/group by calling {{UserManager.create*}} the 
implementation will pick the configure {{AuthorizableNodeName}} to create the 
corresponding tree structure in the system.

one final note: if a given user/group account is created through XML import 
(see {{UserImporter}} it will import the trees as defined in the XML. that's 
what Jackrabbit fVault is using for importing user/group accounts defined in 
content packages, which explains the difference between package import and 
user/group creation through Jackrabbit API calls.

Nevertheless: You should not worry about the format of the node name as this is 
really an implementation detail and there is no guarantee whatsoever, that a 
given user/group is being located at a predictable path (except for the 
intermediate path that can be specified when creating user/group).

> Define service user and ACLs for Scripting
> ------------------------------------------
>
>                 Key: SLING-5848
>                 URL: https://issues.apache.org/jira/browse/SLING-5848
>             Project: Sling
>          Issue Type: Task
>          Components: Scripting
>            Reporter: Oliver Lietz
>
> Scripting implementations require a (service) ResourceResolver with very 
> limited read rights to read scripts.
> Reading can be limited to these paths:
> * {{/apps}}
> * {{/libs}}
> * {{/etc}} (?)
> Name for service user: {{scripting}} or {{sling-scripting}} or 
> {{sling.scripting}} (?)
> *repoinit:*
> {noformat}
> create path /apps
> create path /libs
> create service user sling-scripting
> set ACL for sling-scripting
>   allow jcr:read on /apps
>   allow jcr:read on /libs
> end
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to