Access control inheritance issue
Hi,
I was setting up users permissions using ACLSetup class. I am using the allow;jcr:read;production-users;/content format. I have to restrict access of some pages to a particular group but have to leave rest of the pages editable for that group. All the pages are sub pages of the parent home page. I thought of providing jcr:all access to the parent home page and then restricting access to the sub pages and setup the rules for that in AclSetup. However, if i give more permissions to the parent page they are being inherited. I tried reversing the order of permission in ACL with no luck.
- When you set
allowordenypermission on a given node then 3 scenarios are possible:- if the same ACE (Access Control Entry) is being inherited from a parent node and no matching ACE already exists on the node then nothing will be done.
- if the same ACE is being inherited from a parent node and a matching ACE is already defined on that path then it will be removed.
- if the same ACE is not being inherited from a parent node then the ACE will be created for that node.''
I can setup permissions for individual section of the website but it will be a long task and any section added in future will require change to the ACL file.
Any help will be appreciated.