Views
Replies
Total Likes
rep:policy
)The default access control lists are bound to individual nodes. They may be used to grant/deny access for all operations that are in some way related to JCR items: regular read/write, access control management, versioning, locking and as of Oak 1.0 user management and writing index definitions.
/rep:repoPolicy
)The access control lists bound to the null
path can be used to grant/deny privileges associated with operations on repository-level such as namespace, node type, privilege and workspace management.
The effect of these entries is limited to the repository operations and is no inherited to any items inside the repository.
Access control policies created and modified using the default authorization model are stored as child of the node they are bound to with name rep:policy
or as node with path /rep:repoPolicy
(for repo-level policies).
"": {
"jcr:primaryType": "rep:root",
"content": {
"jcr:primaryType": "oak:Unstructured",
"jcr:mixinTypes": "rep:AccessControllable",
"rep:policy": {
"jcr:primaryType": "rep:ACL",
"allow": {
"jcr:primaryType": "rep:GrantACE",
"rep:principalName": "jackrabbit",
"rep:privileges": ["jcr:read", "rep:write"]
},
"deny": {
"jcr:primaryType": "rep:DenyACE",
"rep:principalName": "jackrabbit",
"rep:privileges": ["jcr:addNodes", "rep:addProperties"],
"rep:restrictions" {
"jcr:primaryType": "rep:Restrictions",
"rep:ntNames": ["nt:hierarchyNode", "nt:resource"]
}
}
}
}
}
"": { "jcr:primaryType": "rep:root", "jcr:mixinTypes": "rep:RepoAccessControllable", "rep:repoPolicy": { "jcr:primaryType": "rep:ACL", "allow": { "jcr:primaryType": "rep:GrantACE", "rep:principalName": "elefant", "rep:privileges": ["rep:privilegeManagement"] } } }
Please refer for information
https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html
Hope this is helpful
Hi
Access control policies created and modified using the default authorization model are stored as child of the node they are bound to with name rep:policy
or as node with path /rep:repoPolicy
(for repo-level policies).
you will get more details on this url
Ref : https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html
hope this help to understand.
Thanks
Additionally, you can refer to this document - https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/user-group-ac-a...
The main difference b/w the two is rep:repoPolicy applies to the repository, whereas the other associates with path.
rep:policy
)The default access control lists are bound to individual nodes. They may be used to grant/deny access for all operations that are in some way related to JCR items: regular read/write, access control management, versioning, locking and as of Oak 1.0 user management and writing index definitions.
/rep:repoPolicy
)The access control lists bound to the null
path can be used to grant/deny privileges associated with operations on repository-level such as namespace, node type, privilege and workspace management.
The effect of these entries is limited to the repository operations and is no inherited to any items inside the repository.
Access control policies created and modified using the default authorization model are stored as child of the node they are bound to with name rep:policy
or as node with path /rep:repoPolicy
(for repo-level policies).
"": {
"jcr:primaryType": "rep:root",
"content": {
"jcr:primaryType": "oak:Unstructured",
"jcr:mixinTypes": "rep:AccessControllable",
"rep:policy": {
"jcr:primaryType": "rep:ACL",
"allow": {
"jcr:primaryType": "rep:GrantACE",
"rep:principalName": "jackrabbit",
"rep:privileges": ["jcr:read", "rep:write"]
},
"deny": {
"jcr:primaryType": "rep:DenyACE",
"rep:principalName": "jackrabbit",
"rep:privileges": ["jcr:addNodes", "rep:addProperties"],
"rep:restrictions" {
"jcr:primaryType": "rep:Restrictions",
"rep:ntNames": ["nt:hierarchyNode", "nt:resource"]
}
}
}
}
}
"": { "jcr:primaryType": "rep:root", "jcr:mixinTypes": "rep:RepoAccessControllable", "rep:repoPolicy": { "jcr:primaryType": "rep:ACL", "allow": { "jcr:primaryType": "rep:GrantACE", "rep:principalName": "elefant", "rep:privileges": ["rep:privilegeManagement"] } } }
Please refer for information
https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html
Hope this is helpful
Thanks @Mani_kumar_
Views
Likes
Replies
Views
Likes
Replies