Hi all,
I have an application where the ACEs (Access Control Entries) are applied
to a node by users and by the system itself. By the user when she/he wants
to share the node with some other users, by the system when the node has to
be available to some users in automatic, under specific conditions. The
user should not be able to modify an ACE added by the system.
Right now, when I read the ACL, I can't tell what ACE has been created by
the user and what has been created by the system. Reading the documentation
I saw that one possible solution might be using custom restrictions
<https://jackrabbit.apache.org/oak/docs/security/authorization/restriction.html>
when creating the ACE, but I'm not sure this is one of the intended usage
for the restrictions. Is there a better solution for this problem?

Marco.

Reply via email to