Hi,

taking Robert's statement as a starting point for a new discussion I wanted to raise for quite some time :-)
2018-02-06 11:37 GMT+01:00 Robert Munteanu <romb...@apache.org>:

> Sometimes it's ok to use login administrative, and I guess provisioning
> system users and overall repository initialization is one of those
> scenarios.

That's an interesting statement, because I also clearly see use cases where a full admin session is necessary. Two use cases for it:

* My code needs to open a session and work with it on behalf of users, who are determined during runtime. That can be easily achieved with an admin session and impersonation. To emulate this with a system user, I have to configure every user to allow impersonation from this service user.
* Package installation and deployment. During that time I have to write to /apps and /libs and potentially many other locations unknown at build time, which can only be solved reliably by granting read/write access to the root node. Plus capabilities to create node types etc. Of course this can be emulated by a service user as well, but in the end this service user has nearly the same permissions as admin.

Long story short: Is the loginAdministrative() method planned to be removed? If yes, we should clearly give best practices and document how it can be replaced even in the non-trivial cases. If it's going to stay, we should remove the deprecation warning.

--
Cheers,
Jörg Hoh,

http://cqdump.wordpress.com
Twitter: @joerghoh