Thanks, will try to come up with a documentation PR.
Konrad
> On 28. Apr 2023, at 12:07, Angela Schreiber <anch...@adobe.com.INVALID> wrote:
>
> Hi Konrad
>
> There exists no automatic cleanup for access control entries bound to a
> specific principal or path.
>
> If the tree where the policy is stored gets deleted (or any of it's parents
> for that matter) the policy node will be removed. This may or may not be the
> access-controlled tree where the policy (or it's entries) take effect (see
> JCR specification about the effect of access control policies).
> Alternatively, the policy itself can be removed using
> AccessControlManager#removePolicy.
>
> In other words:
>
> * you can have/define resource-based ACEs for non-existing principals
> * you can have/define principal-based ACEs for non-existing paths
>
> Hope that helps
> Angela
>
>
>
> ________________________________
> From: Konrad Windszus <k...@apache.org>
> Sent: Friday, April 28, 2023 11:53
> To: oak-dev@jackrabbit.apache.org <oak-dev@jackrabbit.apache.org>
> Subject: Referential Integrity of Access Control Policies
>
>
> Hi,
> How are access control policies supposed to behave in case the referenced
> principal or node path is deleted? Are they automatically cleaned up?
>
> They are automatically deleted whenever the parent node is being deleted
> (while for resource based ACLs this is expected and makes sense for principal
> ACLs this may sometimes lead to surprises).
>
> I would like to add a paragraph to both
> https://jackrabbit.apache.org/oak/docs/security/authorization/principalbased.html
> and
> https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html to
> document this, so I would appreciate some pointers.
>
> Thanks in advance,
> Konrad
>
>
