Hi,

Permissions granted to a user principal take precedence, but that doesn't mean that permissions granted to a group principal would be ignored. They are just added. The precedence comes into play when you deny access for 'test' but a group that user is a member of would allow the same.
angela

On 9/20/13 1:42 PM, "anjan" <[email protected]> wrote:

>I have a node (of type nt:folder) where the below privileges are granted
>for the user "test".
>
>jcr:primaryType = rep:GrantACE
>rep:privileges = ['jcr:modifyProperties','jcr:read','jcr:versionManagement'].
>
>Now I am able to create a child node (of type nt:folder) successfully with
>"test" user even though "test" user doesn't have the "jcr:addChildNodes"
>privilege.
>
>This "test" user also belongs to "administrator" group and I believe this
>group has "jcr:all" privileges assigned to it.
>
>But based on my understanding, if ACEs are defined for USER principal they
>will take precedence over the group principals. So I am not sure how "test"
>user can successfully create a child node. Am I missing something here?
>
>--
>View this message in context:
>http://jackrabbit.510166.n4.nabble.com/Group-membership-and-Privileges-tp4659561.html
>Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
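
The evaluation described in the reply, as an added example that is not part of the original thread and is not Jackrabbit code: a simplified Python model in which group entries are applied first and user entries last. The function names, the `jcr:all` grant on "administrator" (the poster's belief) and the sample ACLs are assumptions made for illustration.

```python
# Simplified model of the behaviour described in the reply; not Jackrabbit code.
# Privileges contained in the jcr:all aggregate (JCR 2.0 names).
JCR_ALL = frozenset({
    "jcr:read", "jcr:modifyProperties", "jcr:addChildNodes", "jcr:removeNode",
    "jcr:removeChildNodes", "jcr:readAccessControl", "jcr:modifyAccessControl",
    "jcr:lockManagement", "jcr:versionManagement", "jcr:nodeTypeManagement",
    "jcr:retentionManagement", "jcr:lifecycleManagement",
})

def expand(privileges):
    """Expand the jcr:all aggregate into the privileges it contains."""
    out = set()
    for p in privileges:
        out |= JCR_ALL if p == "jcr:all" else {p}
    return out

def effective_privileges(aces, user, groups):
    """aces: list of (principal, is_allow, privileges) in effect for one node.

    Group entries are applied first and user entries last, so a user entry
    overrides a group entry only where both name the same privilege;
    everything else a group grants is simply added.
    """
    granted = set()
    for user_pass in (False, True):
        for principal, is_allow, privileges in aces:
            applies = (principal == user) if user_pass else (principal in groups)
            if not applies:
                continue
            if is_allow:
                granted |= expand(privileges)
            else:
                granted -= expand(privileges)
    return granted

# Constructed ACL matching the question: user grant plus the assumed group grant.
QUESTION_ACL = [
    ("test", True, ["jcr:modifyProperties", "jcr:read", "jcr:versionManagement"]),
    ("administrator", True, ["jcr:all"]),
]
# Same ACL with an explicit deny for the user, the case where precedence matters.
DENY_ACL = [("test", False, ["jcr:addChildNodes"])] + QUESTION_ACL

def can_add_child(acl):
    """True if user 'test' (member of 'administrator') holds jcr:addChildNodes."""
    return "jcr:addChildNodes" in effective_privileges(acl, "test", {"administrator"})

if __name__ == "__main__":
    print("as in the question:", can_add_child(QUESTION_ACL))
    print("with user deny ACE:", can_add_child(DENY_ACL))
```

To stop "test" from creating child nodes while leaving the group membership in place, the model points to the same remedy as the reply: a deny entry for the user principal on `jcr:addChildNodes`.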
