Apache

Documentation
Getting Started
The Sling Engine
Development
Bundles
Tutorials & How-Tos
Configuration

Wiki
FAQ

API Docs
Sling 8
Sling 7
Sling 6
Sling 5
Archive at javadoc.io

Project info
Downloads
License
Contributing
News
Links
Project Information
Issue Tracker
Build Server
Security

Source
Subversion
Git
Github Mirror

Sponsorship
Thanks
Become a Sponsor
Buy Stuff

Site Map

Home » Documentation » Bundles

Managing permissions (jackrabbit.accessmanager)

The jackrabbit-accessmanager bundle delivers a REST interface to manipulate users permissions in the JCR. After installing the jackrabbit-accessmanager bundle the REST services are exposed under the path of the node where you will manipulate the permissions for a user with a specific selector like modifyAce, acl and deleteAce. [TOC]

Privileges

privilagename description
jcr:read the privilege to retrieve a node and get its properties and their values
jcr:readAccessControl the privilege to get the access control policy of a node
jcr:modifyProperties the privilege to create, modify and remove the properties of a node
jcr:addChildNodes the privilege to create child nodes of a node
jcr:removeChildNodes the privilege to remove child nodes of a node
jcr:removeNode the privilege to remove a node
jcr:write an aggregate privilege that contains: jcr:modifyProperties jcr:addChildNodes jcr:removeNode jcr:removeChildNodes
jcr:modifyAccessControl the privilege to modify the access control policies of a node
jcr:lockManagement the privilege to lock and unlock a node
jcr:versionManagement the privilege to perform versioning operations on a node
jcr:nodeTypeManagement the privilege to add and remove mixin node types and change the primary node type of a node
jcr:retentionManagement the privilege to perform retention management operations on a node
jcr:lifecycleManagement the privilege to perform lifecycle operations on a node
jcr:all an aggregate privilege that contains all predefined privileges

Add or modify permissions

To modify the permissions for a node POST a request to /<path-to-the-node>.modifyAce.<html or json>. The following parameters are available:

Responses: | 200 | Success | | 500 | Failure, HTML (or JSON) explains failure. | Example with curl:

curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html

Delete permissions

To delete permissions for a node POST a request to /<path-to-the-node>.deleteAce.<html or json>. The following parameters are available:

Responses: | 200 | Success | | 500 | Failure, HTML (or JSON) explains failure. | Example with curl:

curl -F:applyTo=myuser http://localhost:8080/test/node.deleteAce.html

Get permissions

Bound Permissions

To get the permissions bound to a particular node in a json format for a node send a GET request to /<path-to-the-node>.acl.json.

Example:

http://localhost:8080/test/node.acl.json

Effective Permissions

To get the permissions which are effective for a particular node in a json format for a node send a GET request to /<path-to-the-node>.eacl.json.

Example:

http://localhost:8080/test/node.eacl.json
See section 16.3 of the JCR 2.0 specification for an explanation of the difference between bound and effective policies.

Sample User Interface Implementation

Since Version 2.1.1

A sample implementation of ui pages for permissions management is provided @ http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/

Rev. 1464512 by bdelacretaz on Thu, 4 Apr 2013 13:03:31 +0000
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.