[
https://issues.apache.org/jira/browse/SLING-8602?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16933554#comment-16933554
]
Eric Norman edited comment on SLING-8602 at 9/19/19 4:22 PM:
-------------------------------------------------------------
[~angela] I don't know much about the use cases for this, but is this
principalbased access control only expected to be used during repo init?
If not, is there new support required for the access control related 'access
control' sling REST view and actions for the same? (Also support of the same
in the jcr-contentloader?)
was (Author: edn):
[~angela] I don't know much about the use cases for this, but is this
principalbased access control only expected to only be used during repo init?
If not, is there new support required for the access control related 'access
control' sling REST view and actions for the same? (Also support of the same
in the jcr-contentloader?)
> Add support for PrincipalAccessControlList and ac-management by principal
> -------------------------------------------------------------------------
>
> Key: SLING-8602
> URL: https://issues.apache.org/jira/browse/SLING-8602
> Project: Sling
> Issue Type: New Feature
> Components: Repoinit
> Reporter: angela
> Assignee: Robert Munteanu
> Priority: Major
> Labels: Sling-12-ReleaseNotes
> Fix For: Repoinit Parser 1.2.8, Repoinit JCR 1.1.14
>
> Attachments: SLING-8602-jcr-2.patch, SLING-8602-jcr.patch,
> SLING-8602-parser-2.patch, SLING-8602-parser.patch
>
>
> with JCR-4429 comes a new type of {{JackrabbitAccessControlList}} that allows
> to provide native support for access control management by principal as
> defined by
> {{org.apache.jackrabbit.api.security.JackrabbitAccessControlManager}}.
> now that there exists a new authorization model in Oak (OAK-8190) that
> implements these extensions, it would be desirable if the repo-init would
> cover access control management by principal.
> note: while the original aim of OAK-8190 was to store permissions for system
> users (aka service users) separately, the implementation in
> _oak-authorization-principalbased_ is not limited to system users and doesn't
> mandate the policies to be stored with a user node. the location of the
> access controlled node is an implementation detail that can be changed. see
> Jackrabbit API and
> http://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html
> for additional details.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
