This is an old version of the Sling website, see the site conversion page for more info.
Apache

Documentation
Getting Started
The Sling Engine
Development
Bundles
Tutorials & How-Tos
Configuration
API docs
Wiki
FAQ

Project info
Downloads
License
Contributing
News
Links
Project Information
Issue Tracker
Browse Source Repository
Security

Sponsorship
Thanks
Become a Sponsor
Buy Stuff

Apache Sling Website > Apache Sling > Documentation > Bundles > Managing permissions (jackrabbit.accessmanager)

Managing permissions

The jackrabbit-accessmanager bundle delivers a REST interface to manipulate users permissions in the JCR. After installing the jackrabbit-accessmanager bundle the REST services are exposed under the path of the node where you will manipulate the permissions for a user with a specific selector like modifyAce, acl and deleteAce.

Privileges

privilagename description
jcr:read the privilege to retrieve a node and get its properties and their values
jcr:readAccessControl the privilege to get the access control policy of a node
jcr:modifyProperties the privilege to create, modify and remove the properties of a node
jcr:addChildNodes the privilege to create child nodes of a node
jcr:removeChildNodes the privilege to remove child nodes of a node
jcr:removeNode the privilege to remove a node
jcr:write an aggregate privilege that contains: jcr:modifyProperties jcr:addChildNodes jcr:removeNode jcr:removeChildNodes
jcr:modifyAccessControl the privilege to modify the access control policies of a node
jcr:lockManagement the privilege to lock and unlock a node
jcr:versionManagement the privilege to perform versioning operations on a node
jcr:nodeTypeManagement the privilege to add and remove mixin node types and change the primary node type of a node
jcr:retentionManagement the privilege to perform retention management operations on a node
jcr:lifecycleManagement the privilege to perform lifecycle operations on a node
jcr:all an aggregate privilege that contains all predefined privileges

Add or modify permissions

To modify the permissions for a node POST a request to /<path-to-the-node>.modifyAce.<html or json>. The following parameters are available:

parameter name
required
description
principalId
yes
The name of the user or the group to assign the privileges to
privilege@<privilege-name>
 yes
The privilege which should be updated. See table above for possible <privilege-name> values. The request may contain several of these parameters to update multiple privileges in a single request. The parameter value should be one of the following:
  • granted - Set the privlege as granted to the user or group.
  • denied - Set the privilege as denied to the user or group.
  • none - Unset a privilege that was previously set as granted or denied.
order no The position where the access control entry should go in the list. The parameter value should be one of the following:
  • first - Place the target ACE as the first amongst its siblings.
  • last - Place the target ACE as the last amongst its siblings.
  • before xyz - Place the target ACE immediately before the sibling whose principalId is xyz.
  • after xyz - Place the target ACE immediately after the sibling whose principalId is xyz.
  • numeric - Place the target ACE at the specified numeric index.

Responses:

200 Success
500 Failure, HTML (or JSON) explains failure.

Example with curl:

curl -FprincipalId=myuser -Fprivilege@jcr:read=granted http://localhost:8080/test/node.modifyAce.html

Delete permissions

To delete permissions for a node POST a request to /<path-to-the-node>.deleteAce.<html or json>. The following parameters are available:

parameter name
required
description
:applyTo
 yes
An array with the name of the users and/or the name of the groups to remove the privileges.

Responses:

200 Success
500 Failure, HTML (or JSON) explains failure.

Example with curl:

curl -F:applyTo=myuser http://localhost:8080/test/node.deleteAce.html

Get permissions

Bound Permissions

To get the permissions bound to a particular node in a json format for a node send a GET request to /<path-to-the-node>.acl.json.

Example:

http://localhost:8080/test/node.acl.json

Effective Permissions

To get the permissions which are effective for a particular node in a json format for a node send a GET request to /<path-to-the-node>.eacl.json.

Example:

http://localhost:8080/test/node.eacl.json
See section 16.3 of the JCR 2.0 specification for an explanation of the difference between bound and effective policies.

Sample User Interface Implementation

Since Version 2.1.1

A sample implementation of ui pages for permissions management is provided @ http://svn.apache.org/viewvc/sling/trunk/samples/accessmanager-ui/

Last modified by edn on 2011-05-05 23:30:30.0
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.