Hi Marco

To be quite frank, there are some variants in the AccessControlUtils that are rather troublesome and bad, because they hide the fact that the impl needs to make an internal lookup (in case of principals this is a query which requires data to be persisted).

Having said that: Using the variant that takes a Principal instance will likely do the trick as there is no extra lookup needed. Note however that your editing session needs to have sufficient karma to read the target principal + additionally needs to have jcr:modifyAccessControl permission in order to be able to edit access control content.

If your user session only has the latter but doesn't have sufficient permission to read the principal, you have two options:

- accept the fact that your user-session doesn't have sufficient permission (imho that's the formally correct setup from a security pov)
- Oak: run the repo with the best-effort import option for access control in which case the principal validation as mandated by JSR 283 is relaxed and you can create an ACE with any principal object.

hope that helps
angela

On 07/03/16 18:28, "marco" <[email protected]> wrote:

>I have two users "userA" and "userB". With "userA" I create a node and I want
>to grant read permission to "userB" on that node.
>
>If I do:
>AccessControlUtils.allow(folderA, "userB", new String[]{Privilege.JCR_READ});
>
>the command fails because it is not possible to find the principal "userB" in
>the current session.
>
>Same thing happens if I try to find the principal before executing the allow
>function:
>Session userSession = repository.login(new SimpleCredentials("userA", "password".toCharArray()));
>Authorizable userBAuth = ((JackrabbitSession) userSession).getUserManager().getAuthorizable("Users");
>AccessControlUtils.allow(folderA, userBAuth.getPrincipal().getName(), new String[]{Privilege.JCR_READ});
>
>How can I do it without using the administrator account? (With admin account
>everything works fine).
>
>Marco.
>
>--
>View this message in context:
>http://jackrabbit.510166.n4.nabble.com/non-administrator-user-how-to-grant-permission-on-folder-tp4663773.html
>Sent from the Jackrabbit - Users mailing list archive at Nabble.com.
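
The approach described in the reply, as an added example that is not part of the original thread and is not Jackrabbit's own code: a non-admin session grants jcr:read by passing a Principal instance, after checking the two preconditions the reply names. The class and method names (`GrantRead`, `grantRead`) are hypothetical, and an open session on a Jackrabbit/Oak repository is assumed.

```java
import java.security.Principal;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;

public final class GrantRead {  // hypothetical helper, not part of Jackrabbit

    /** Grants jcr:read on absPath to principalName using the caller's own (non-admin) session. */
    public static void grantRead(Session session, String absPath, String principalName)
            throws RepositoryException {
        AccessControlManager acMgr = session.getAccessControlManager();

        // Precondition 1: the editing session must hold jcr:modifyAccessControl on the node.
        Privilege[] needed = { acMgr.privilegeFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL) };
        if (!acMgr.hasPrivileges(absPath, needed)) {
            throw new AccessDeniedException(
                    "session lacks jcr:modifyAccessControl on " + absPath);
        }

        // Precondition 2: the editing session must be able to read the target principal.
        // getPrincipal returns null when the principal does not exist or is not visible.
        Principal target = ((JackrabbitSession) session)
                .getPrincipalManager().getPrincipal(principalName);
        if (target == null) {
            throw new AccessDeniedException(
                    "principal '" + principalName + "' is not readable by this session");
        }

        // Principal variant: no name-based lookup hidden inside the utility call.
        AccessControlUtils.addAccessControlEntry(
                session, absPath, target, new String[] { Privilege.JCR_READ }, true);

        // The utility only sets the policy; the change is transient until saved.
        session.save();
    }

    private GrantRead() { }
}
```

Failing with AccessDeniedException when the principal is not visible keeps the first option from the reply: the session's missing read permission is treated as the intended setup rather than worked around.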
