This is an automated email from the ASF dual-hosted git repository. kwin pushed a commit to branch feature/document-referential-integrity in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
commit d655e0e7f0ff3c2289afe74eee923d315422aa73 Author: Konrad Windszus <[email protected]> AuthorDate: Fri Apr 28 15:22:58 2023 +0200 Add paragraph on (non-existing) referential integrity of policies --- oak-doc/src/site/markdown/security/accesscontrol/default.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/oak-doc/src/site/markdown/security/accesscontrol/default.md b/oak-doc/src/site/markdown/security/accesscontrol/default.md index 3d046a6f5b..11241678e8 100644 --- a/oak-doc/src/site/markdown/security/accesscontrol/default.md +++ b/oak-doc/src/site/markdown/security/accesscontrol/default.md @@ -128,6 +128,11 @@ found in section [Restriction Management](../authorization/restriction.html). <a name="representation"></a> +#### Referential Integrity + +Access Control Policies (or their entries) are bound to principals and resource paths. However, both must not necessarily exist: You can have policies for non-existing paths and/or principals (i.e. referential integrity is not ensured). Deleting the referenced node or authorizable (representing the principal) won't have any effect in general. +Still, as the actual policies are persisted in the repository, they are removed whenever any of the parent nodes is removed (like any other regular child node). + ### Representation in the Repository Access control policies created and modified using the default authorization model are stored as child of
