[ https://issues.apache.org/jira/browse/OAK-1163?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13818772#comment-13818772 ]
angela commented on OAK-1163: ----------------------------- adjusting summary: as of oak there is a clear separation between access control management (-> ACL belongs there) and the permission evaluation. we should make sure we understand the difference when reporting issues in order to avoid confusions. > Observation events should respect permissions > --------------------------------------------- > > Key: OAK-1163 > URL: https://issues.apache.org/jira/browse/OAK-1163 > Project: Jackrabbit Oak > Issue Type: New Feature > Components: core, jcr, security > Reporter: Alexander Klimetschek > > The JCR observation implementation in Oak does not evaluate ACLs yet, so any > session currently sees all events. {{SecureValidator}} is the intended place > to do the checks. -- This message was sent by Atlassian JIRA (v6.1#6144)