Thank you. I had read the definitions on several webpages but I'm always wondering whether I got it right. The property "jcr:write" for example consists of jcr:modifyProperties (and serveral others). In my understanding of the word "modify" you must know the subject if you want to change it. The IBM-Host-security for example grants implicitely READ if you are WRITE-permitted. The Unix-Filesystem-permission distincts the both, I know. But I see your point and say thank you very much. Ulrich
> Angela Schreiber <[email protected]> hat am 12. Juli 2013 um 15:11 > geschrieben: > > > hi ulrich > > short version: > > - jcr:all -> is mandated to include all privileges exposed by a given impl > - jcr:write -> just item write (except for protected items which are covered > by > specific privileges) > - jcr:read -> read items (except for access control items) > > please refer to JSR 283 for details on the different built in privileges > and further details such as the 'abstract' flag, aggregation and possible > extension points for the implementor. > > regards > angela > > On Jul 11, 2013, at 3:46 PM, Ulrich <[email protected]> wrote: > > > Hello Angela, > > > > this will help. I thought to get a list of principals permitted for a > > specific > > privilege (e.g. jcr:read). Now I have to look at all specified privileges to > > see > > whether either jcr:read has been set, or whether it may be implicitely set > > by > > other specified privileges. I'm pretty sure that read-access is granted by > > jcr:all, but I'm not sure what jcr:write means - does this include jcr:read > > as > > well? And what about the other privileges? > > > > best regards, > > Ulrich > > > >> Angela Schreiber <[email protected]> hat am 11. Juli 2013 um 13:22 > >> geschrieben: > >> > >> > >> hi ulrich > >> > >> the following method is defined by the JCR specification: > >> > >> javax.jcr.security.AccessControlManager#getEffectivePolicies(String > >> absPath) > >> and returns an array of access control policies. > >> > >> this this what you are looking for? > >> the jackrabbit API defines a variant that takes a set of principals instead > >> of a path. > >> > >> kind regards > >> angela > >> > >> On Jul 11, 2013, at 12:19 PM, Ulrich <[email protected]> wrote: > >> > >>> for a given node I need to know the list of principals with > >>> jcr:read-access. > >>> I > >>> started to create my own method by retrieving all "rep:policy"-nodes along > >>> the > >>> branch to the node. Just getting these ACLs isn't really hard work but I > >>> have to > >>> consider the meaning of all the properties of the ACEs. I will do this but > >>> I > >>> would prefer to take an already existing method to check, if there one. > >>> I have had a look at "org.apache.jackrabbit.api.security", but this does > >>> not > >>> help here. > >>> Maybe someone in the community can give a hint. > >>> Thanks in advance; > >>> Ulrich > >> >
