Author: angela
Date: Tue Feb 18 16:27:41 2014
New Revision: 1569411
URL: http://svn.apache.org/r1569411
Log:
OAK-1175: update privilege/permission related documentation
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_permission.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_privileges.md
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_permission.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_permission.md?rev=1569411&r1=1569410&r2=1569411&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_permission.md
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_permission.md
Tue Feb 18 16:27:41 2014
@@ -38,6 +38,7 @@ The set of permissions supported by Oak
- `MODIFY_PROPERTY`: permission to change an existing property
- `REMOVE`: aggregation of `REMOVE_NODE` and `REMOVE_PROPERTY`
- `USER_MANAGEMENT`: permission to execute user management related tasks such
as e.g. creating or removing user/group, changing user password and editing
group membership.
+- `INDEX_DEFINITION_MANAGEMENT`: permission to create, modify and remove the
oak:index node and it's subtree which is expected to contain the index
definitions.
The following permissions are now an aggregation of new permissions:
@@ -113,6 +114,13 @@ For backwards compatibility with Jackrab
Reading and writing items in the version store does not follow the regular
permission evaluation but depends on access rights present on the corresponding
versionable node. In case the version information does no longer have a
versionable node in this workspace that original path is used to evaluate the
effective permissions that would apply to that node if the version was restored.
Note, that as in Jackrabbit VERSION_MANAGEMENT permission instead of the
regular JCR write permissions is required in order to execute version
operations and thus modify the version store. These changes are covered by
[OAK-444] and address the concerns summarized in [JCR-2963].
+##### Query Index Definitions
+Writing query index definitions requires the specific index definition
management
+which is enforce on nodes named "oak:index" and the subtree defined by them.
+Note that the corresponding items are not protected in the JCR sense.
Consequently
+any other modification in these subtrees like e.g. changing the primary type
+or adding mixin types is governed by the corresponding privileges.
+
#### 3. Administrative Principals
The following principals always have full access to the whole content
repository irrespective of the access control content:
Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_privileges.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_privileges.md?rev=1569411&r1=1569410&r2=1569411&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_privileges.md
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/differences_privileges.md
Tue Feb 18 16:27:41 2014
@@ -71,6 +71,7 @@ different to Jackrabbit 2.x in the follo
- rep:addProperties
- rep:alterProperties
- rep:removeProperties
+ - rep:indexDefinitionManagement
Note the following differences with respect to Jackrabbit 2.x definitions:
