Access control

You can add an access control child node to a node in the repository. This will restrict the access to the parent node and its child nodes to the access permissions of the access control node.

To add a new access control node, choose the Create new objects action, select Access control and press Next. The access control dialog will request you to enter to add a user or a group, for which you want to specify access control restrictions:

The users and roles will be specified by an administrator in the /jcr:system/nodes/users or /jcr:system/nodes/roles folder. Users and roles will be administrated by virtual page templates, like most node types in the repository.

Once you have selected a user or a role, you can configure the permissions of the person. The following permissions are available:

  • Read. This is the most important permission. Persons having denied a read permission for a node will not see the node or its sub nodes. This is the most effective means to restrict access to a branch of the repository.
  • Add node. This specifies, if it is allowed to add child nodes to a node within the branch starting at the current node.
  • Remove node. Is it allowed to remove nodes within the branch starting at the current node?
  • Set property. Is it allowed to set or modify a property of a node within the mentioned branch.
  • Remove property. Is it allowed to remove a property of a node.

The permissions may be granted or denied. Denial is more frequently used. However, it is possible to explicitly grant a permission, which is denied for a sub branch of the node denying the access. For instance, if modification is usually not allowed (Add node/Remove node/Set property/Remove property being denied for /a), it may nonetheless be granted for /a/b/c.