Managing permissions
The jackrabbit-accessmanager bundle delivers a REST interface for manipulating user permissions in the JCR. After the bundle is installed, the REST services are exposed under the path of the node whose permissions you want to manipulate, addressed with a specific selector such as modifyAce, acl or deleteAce.
Privileges
| privilege name | description |
|---|---|
| jcr:read | the privilege to retrieve a node and get its properties and their values |
| jcr:readAccessControl | the privilege to get the access control policy of a node |
| jcr:modifyProperties | the privilege to create, modify and remove the properties of a node |
| jcr:addChildNodes | the privilege to create child nodes of a node |
| jcr:removeChildNodes | the privilege to remove child nodes of a node |
| jcr:removeNode | the privilege to remove a node |
| jcr:write | an aggregate privilege that contains: jcr:modifyProperties, jcr:addChildNodes, jcr:removeNode, jcr:removeChildNodes |
| jcr:modifyAccessControl | the privilege to modify the access control policies of a node |
| jcr:all | an aggregate privilege that contains all predefined privileges |
Add or modify permissions
To modify the permissions for a node, POST a request to /<path-to-the-node>.modifyAce.html. The following parameters are available:
| parameter name | required | description |
|---|---|---|
| principalId | yes | The name of the user or the group to assign the privileges to |
| privilege@<privilege-name>=granted | yes | The privilege to set. Use denied instead of granted to deny the privilege to the user or group. For the privilege names, see the table above. |
Responses:
| status | description |
|---|---|
| 200 | Success |
| 500 | Failure, HTML explains failure. |
Example with curl:
curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html
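The following is an added example, not code from the bundle or its documentation: a pre-flight check that builds the modifyAce request from the parameters described above and refuses unknown privilege names, a privilege that is granted and denied in the same request, and unreviewed broad grants. The function names, the `BROAD` set and the `allow_broad` flag are assumptions made for this illustration.

```python
import shlex

# Privilege names copied from the table on this page.
WRITE_PARTS = {"jcr:modifyProperties", "jcr:addChildNodes",
               "jcr:removeNode", "jcr:removeChildNodes"}
KNOWN = WRITE_PARTS | {"jcr:read", "jcr:readAccessControl", "jcr:write",
                       "jcr:modifyAccessControl", "jcr:all"}
# Assumption for this example: these grants need an explicit opt-in.
BROAD = {"jcr:all", "jcr:modifyAccessControl"}


def build_modify_ace(base_url, node_path, principal_id,
                     granted=(), denied=(), allow_broad=False):
    """Return (url, fields) for a modifyAce POST, or raise ValueError."""
    granted, denied = set(granted), set(denied)
    # curl -F treats a value starting with @ or < as a file to read.
    if not principal_id or principal_id[0] in "@<":
        raise ValueError("principalId is missing or starts with @ or <")
    if not granted and not denied:
        raise ValueError("at least one privilege is required")
    unknown = (granted | denied) - KNOWN
    if unknown:
        raise ValueError(f"unknown privilege(s): {sorted(unknown)}")
    both = granted & denied
    if both:
        raise ValueError(f"granted and denied at once: {sorted(both)}")
    broad = granted & BROAD
    if broad and not allow_broad:
        raise ValueError(f"broad grant needs allow_broad=True: {sorted(broad)}")
    # jcr:write already contains its parts, so drop the redundant entries.
    if "jcr:write" in granted:
        granted -= WRITE_PARTS
    url = f"{base_url.rstrip('/')}/{node_path.strip('/')}.modifyAce.html"
    fields = [("principalId", principal_id)]
    fields += [(f"privilege@{p}", "granted") for p in sorted(granted)]
    fields += [(f"privilege@{p}", "denied") for p in sorted(denied)]
    return url, fields


def to_curl(url, fields):
    """Render the request in the curl form used on this page."""
    args = " ".join(shlex.quote(f"-F{k}={v}") for k, v in fields)
    return f"curl {args} {shlex.quote(url)}"


if __name__ == "__main__":
    print(to_curl(*build_modify_ace("http://localhost:8080", "/test/node",
                                    "myuser", granted=["jcr:read"])))
```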
Delete permissions
To delete permissions for a node, POST a request to /<path-to-the-node>.deleteAce.html. The following parameters are available:
| parameter name | required | description |
|---|---|---|
| :applyTo | yes | An array with the names of the users and/or groups whose privileges are to be removed. |
Responses:
| status | description |
|---|---|
| 200 | Success |
| 500 | Failure, HTML explains failure. |
Example with curl:
curl -F:applyTo=myuser http://localhost:8080/test/node.deleteAce.html
Get permissions
To get the permissions for a node in JSON format, send a GET request to /<path-to-the-node>.acl.json.
Example:
http://localhost:8080/test/node.acl.json