Hi Marco Yeah... no, that's not how the default authorisation model works :-)
But obviously you would be able to write and deploy your own authorisation model that just behaves as you expected it to work. Some hints can be found at http://jackrabbit.apache.org/oak/docs/security/introduction.html I still didn't have time to write a dedicated training session for the customize-authorization topic but it's on my TODOs. Kind regards Angela On 14/02/18 10:37, "Marco Piovesana" <pioves...@esteco.com> wrote: >Hi Angela, >thanks for the answer. I thought (and I was wrong) that the user that >created a node would have had complete control on it (and not just the >permissions explicitly granted to him). That's why my question... thanks >again for the clarification. > >Marco. > > >On Wed, Feb 14, 2018 at 9:47 AM Angela Schreiber ><anch...@adobe.com.invalid> >wrote: > >> Hi Marco >> >> It depends a bit on how you originally setup the 'ownership' in the >>first >> place. >> - if you have granted permissions to userA _on_ that very node, you can >> simply remove the entries and create new ones for the new owner. >> - if you have granted permissions to userA on a _parent_ node you can >> either fix the entries at the parent or add a denying entry at the >>target. >> - if permissions are inherited from other principals (e.g. through group >> membership) you can either 'fix' the set of principals that is add to >>the >> Subject upon login (e.g. through changes of group membership) or again >> through an explicit deny. >> Which variant (and there might be some more) is the best one, depends on >> your requirements. >> Also note that for modification of the permission setup your session not >> only requires regular write privileges but read/modify access control >> privileges. >> >> See the Oak documentation for additional details in particular >> >>http://jackrabbit.apache.org/oak/docs/security/permission/evaluation.html >> You may also want to take a look at the oak-exercise module which comes >> with quite some training material for the default authorisation model. >> >> Hope that helps >> Angela >> >> >> On 13/02/18 18:36, "Marco Piovesana" <pioves...@esteco.com> wrote: >> >> >Hi all, >> >is it possible to change the owner of a node? What I'm trying to do is >> >move >> >a node created by userA from its original folder to another place. >>After >> >the node is moved I want to revoke all permission to userA on that >>node. >> > >> >Marco. >> >>