The {@code AccessControlAction} sets up permissions upon creation of a new authorizable; namely, the privileges the new authorizable should be granted on its own 'home directory', which is represented by the new node associated with that new authorizable.
The following two configuration parameters are available with this implementation:
- groupPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new group on the group node
- userPrivilegeNames: the value is expected to be a comma separated list of privileges that will be granted to the new user on the user node.
Example configuration:
    groupPrivilegeNames : "jcr:read"
    userPrivilegeNames : "jcr:read, rep:write"
This configuration could for example lead to the following content structure upon user or group creation. Note however that the resulting structure depends on the actual access control management being in place:
    UserManager umgr = ((JackrabbitSession) session).getUserManager();
    User user = umgr.createUser("testUser", "t");

    + t                           rep:AuthorizableFolder
      + te                        rep:AuthorizableFolder
        + testUser                rep:User, mix:AccessControllable
          + rep:policy            rep:ACL
            + allow               rep:GrantACE
              - rep:principalName = "testUser"
              - rep:privileges    = ["jcr:read","rep:write"]
          - rep:password
          - rep:principalName     = "testUser"

    UserManager umgr = ((JackrabbitSession) session).getUserManager();
    Group group = umgr.createGroup("testGroup");

    + t                           rep:AuthorizableFolder
      + te                        rep:AuthorizableFolder
        + testGroup               rep:Group, mix:AccessControllable
          + rep:policy            rep:ACL
            + allow               rep:GrantACE
              - rep:principalName = "testGroup"
              - rep:privileges    = ["jcr:read"]
          - rep:principalName     = "testGroup"
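
Because the resulting content structure depends on the access control management in place, the grant is best verified through the JCR access control API rather than by reading rep:policy nodes. The following is an added example, not code from the original documentation or the project; the class HomeAclAudit and its method names are hypothetical, and it assumes the session is allowed to read access control content at the authorizable's path.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.user.Authorizable;

/** Added example; HomeAclAudit and its method names are hypothetical. */
public final class HomeAclAudit {

    /** Maps principal name to the privilege names allowed by the ACL bound to the authorizable's node. */
    public static Map<String, Set<String>> allowedOnHome(Session session, Authorizable a)
            throws RepositoryException {
        Map<String, Set<String>> allowed = new TreeMap<>();
        AccessControlManager acMgr = session.getAccessControlManager();
        // getPolicies returns only the policies set at this exact path, not inherited ones.
        for (AccessControlPolicy policy : acMgr.getPolicies(a.getPath())) {
            if (!(policy instanceof AccessControlList)) {
                continue;
            }
            for (AccessControlEntry ace : ((AccessControlList) policy).getAccessControlEntries()) {
                // Skip deny entries; plain JCR 2.0 entries are always allow entries.
                if (ace instanceof JackrabbitAccessControlEntry
                        && !((JackrabbitAccessControlEntry) ace).isAllow()) {
                    continue;
                }
                Set<String> names =
                        allowed.computeIfAbsent(ace.getPrincipal().getName(), k -> new TreeSet<>());
                for (Privilege p : ace.getPrivileges()) {
                    names.add(p.getName());
                }
            }
        }
        return allowed;
    }

    /** True only if the ACL allows exactly the expected privileges, and only to the authorizable itself. */
    public static boolean matchesConfig(Session session, Authorizable a, Set<String> expected)
            throws RepositoryException {
        Map<String, Set<String>> allowed = allowedOnHome(session, a);
        return allowed.size() == 1
                && new TreeSet<>(expected).equals(allowed.get(a.getPrincipal().getName()));
    }
}
```

With the example configuration above, matchesConfig would be called with the set {"jcr:read", "rep:write"} for testUser and {"jcr:read"} for testGroup; a false result means the node carries a grant other than the configured one.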