jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mreut...@apache.org
Subject svn commit: r1835390 [21/23] - in /jackrabbit/site/live/oak/docs: ./ architecture/ coldstandby/ features/ nodestore/ nodestore/document/ nodestore/segment/ oak-mongo-js/ oak_api/ plugins/ query/ security/ security/accesscontrol/ security/authentication...
Date Mon, 09 Jul 2018 08:53:19 GMT
Modified: jackrabbit/site/live/oak/docs/security/privilege/default.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/privilege/default.html?rev=1835390&r1=1835389&r2=1835390&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/privilege/default.html (original)
+++ jackrabbit/site/live/oak/docs/security/privilege/default.html Mon Jul  9 08:53:17 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-05-24 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-07-09 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180524" />
+    <meta name="Date-Revision-yyyymmdd" content="20180709" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; Privilege Management : The Default Implementation</title>
     <link rel="stylesheet" href="../../css/apache-maven-fluido-1.6.min.css" />
@@ -136,7 +136,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-05-24<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-07-09<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -240,7 +240,8 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
---><div class="section">
+-->
+<div class="section">
 <h2><a name="Privilege_Management_:_The_Default_Implementation"></a>Privilege Management : The Default Implementation</h2>
 <div class="section">
 <h3><a name="General_Notes"></a>General Notes</h3>
@@ -250,14 +251,15 @@
 <p>A comprehensive list of changes compared to Jackrabbit 2.x can be found in the corresponding <a href="differences.html">documentation</a>.</p></div>
 <div class="section">
 <h3><a name="Built-in_Privileges"></a>Built-in Privileges</h3>
-
 <ul>
-  
+
 <li>
+
 <p>All Privileges as defined by JSR 283</p>
-  
-<div class="source">
-<div class="source"><pre class="prettyprint">jcr:read (NOTE: Aggregate since Oak 1.0)
+
+<div>
+<div>
+<pre class="source">jcr:read (NOTE: Aggregate since Oak 1.0)
 jcr:modifyProperties (NOTE: Aggregate since Oak 1.0)
 jcr:addChildNodes
 jcr:removeNode
@@ -271,76 +273,75 @@ jcr:retentionManagement (NOTE: retention
 jcr:lifecycleManagement (NOTE: lifecycle management not implemented in Oak 1.0)
 jcr:write
 jcr:all
-</pre></div></div></li>
-  
+</pre></div></div>
+</li>
 <li>
+
 <p>All Privileges defined by JSR 333</p>
-  
-<div class="source">
-<div class="source"><pre class="prettyprint">jcr:workspaceManagement (NOTE: wsp management not yet implemented)
+
+<div>
+<div>
+<pre class="source">jcr:workspaceManagement (NOTE: wsp management not yet implemented)
 jcr:nodeTypeDefinitionManagement
 jcr:namespaceManagement
-</pre></div></div></li>
-  
+</pre></div></div>
+</li>
 <li>
+
 <p>All Privileges defined by Jackrabbit 2.x</p>
-  
-<div class="source">
-<div class="source"><pre class="prettyprint">rep:write
+
+<div>
+<div>
+<pre class="source">rep:write
 rep:privilegeManagement
-</pre></div></div></li>
-  
+</pre></div></div>
+</li>
 <li>
+
 <p>New Privileges defined by OAK 1.0:</p>
-  
-<div class="source">
-<div class="source"><pre class="prettyprint">rep:userManagement
+
+<div>
+<div>
+<pre class="source">rep:userManagement
 rep:readNodes
 rep:readProperties
 rep:addProperties
 rep:alterProperties
 rep:removeProperties
 rep:indexDefinitionManagement
-</pre></div></div></li>
+</pre></div></div>
+</li>
 </ul>
 <p>Please note the following differences with respect to Jackrabbit 2.x definitions:</p>
-
 <ul>
-  
+
 <li><tt>jcr:read</tt> is now an aggregation of <tt>rep:readNodes</tt> and <tt>rep:readProperties</tt></li>
-  
 <li><tt>jcr:modifyProperties</tt> is now an aggregation of <tt>rep:addProperties</tt>, <tt>rep:alterProperties</tt> and <tt>rep:removeProperties</tt></li>
 </ul>
 <div class="section">
 <h4><a name="New_Privileges"></a>New Privileges</h4>
 <p>The new Privileges introduced with Oak 1.0 have the following effect:</p>
-
 <ul>
-  
+
 <li><tt>rep:userManagement</tt>: Privilege required in order to write items that define user or group specific content.</li>
-  
 <li><tt>rep:readNodes</tt>: Privilege used to allow/deny read access to nodes (aggregate of <tt>jcr:read</tt>)</li>
-  
 <li><tt>rep:readProperties</tt>: Privilege used to allow/deny read access to properties (aggregate of <tt>jcr:read</tt>)</li>
-  
 <li><tt>rep:addProperties</tt>: Privilege required in order to create new properties (aggreate of <tt>jcr:modifyProperties</tt>)</li>
-  
 <li><tt>rep:alterProperties</tt>: Privilege required in order to change existing properties (aggreate of <tt>jcr:modifyProperties</tt>)</li>
-  
 <li><tt>rep:removeProperties</tt>: Privilege required in order to remove existing properties (aggreate of <tt>jcr:modifyProperties</tt>)</li>
-  
 <li><tt>rep:indexDefinitionManagement</tt>: Privilege required to create, modify or deleate index definitions.</li>
 </ul></div>
 <div class="section">
 <h4><a name="Mapping_Privileges_to_Items_and_API_Calls"></a>Mapping Privileges to Items and API Calls</h4>
 <p>An overview on how the built-in privileges map to API calls and individual items can be found in <a href="mappingtoitems.html">&#x2018;Mapping Privileges to Items&#x2019;</a> and <a href="mappingtoprivileges.html">&#x2018;Mapping API Calls to Privileges&#x2019;</a></p>
-<p><a name="representation"></a></p></div></div>
-<div class="section">
-<h3><a name="Representation_in_the_Repository"></a>Representation in the Repository</h3>
+<a name="representation"></a>
+### Representation in the Repository
+
 <p>As of Oak 1.0 all privilege definitions are stored in the repository itself underneath <tt>/jcr:system/rep:privileges</tt>. The following privilege related built-in node types have been added in OAK 1.0 in order to represent built-in and custom privilege definitions.</p>
 
-<div class="source">
-<div class="source"><pre class="prettyprint">[rep:Privileges]
+<div>
+<div>
+<pre class="source">[rep:Privileges]
   + * (rep:Privilege) = rep:Privilege protected ABORT
   - rep:next (LONG) protected multiple mandatory
 
@@ -349,120 +350,65 @@ rep:indexDefinitionManagement
   - rep:aggregates (NAME) protected multiple
   - rep:bits (LONG) protected multiple mandatory
 </pre></div></div>
+
 <p>Note the protection status of all child items defined by these node type definitions as they prevent modification of the privilege definitions using regular JCR write operations.</p>
-<p><a name="validation"></a></p></div>
-<div class="section">
-<h3><a name="Validation"></a>Validation</h3>
-<p>The consistency of this content structure is asserted by a dedicated <tt>PrivilegeValidator</tt>. The corresponding errors are all of type <tt>Constraint</tt> with the following codes:</p>
+<a name="validation"></a>
+### Validation
 
+<p>The consistency of this content structure is asserted by a dedicated <tt>PrivilegeValidator</tt>. The corresponding errors are all of type <tt>Constraint</tt> with the following codes:</p>
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>Code </th>
-      
-<th>Message </th>
-    </tr>
-  </thead>
-  <tbody>
-    
+<th> Code              </th>
+<th> Message                                                  </th></tr>
+</thead><tbody>
+
 <tr class="b">
-      
-<td>0041 </td>
-      
-<td>Modification of existing privilege definition X </td>
-    </tr>
-    
+<td> 0041              </td>
+<td> Modification of existing privilege definition X          </td></tr>
 <tr class="a">
-      
-<td>0042 </td>
-      
-<td>Un-register privilege X </td>
-    </tr>
-    
+<td> 0042              </td>
+<td> Un-register privilege X                                  </td></tr>
 <tr class="b">
-      
-<td>0043 </td>
-      
-<td>Next bits not updated </td>
-    </tr>
-    
+<td> 0043              </td>
+<td> Next bits not updated                                    </td></tr>
 <tr class="a">
-      
-<td>0044 </td>
-      
-<td>Privilege store not initialized </td>
-    </tr>
-    
+<td> 0044              </td>
+<td> Privilege store not initialized                          </td></tr>
 <tr class="b">
-      
-<td>0045 </td>
-      
-<td>Modification of existing privilege definition X </td>
-    </tr>
-    
+<td> 0045              </td>
+<td> Modification of existing privilege definition X          </td></tr>
 <tr class="a">
-      
-<td>0046 </td>
-      
-<td>Modification of existing privilege definition X </td>
-    </tr>
-    
+<td> 0046              </td>
+<td> Modification of existing privilege definition X          </td></tr>
 <tr class="b">
-      
-<td>0047 </td>
-      
-<td>Invalid declared aggregate name X </td>
-    </tr>
-    
+<td> 0047              </td>
+<td> Invalid declared aggregate name X                        </td></tr>
 <tr class="a">
-      
-<td>0048 </td>
-      
-<td>PrivilegeBits are missing </td>
-    </tr>
-    
+<td> 0048              </td>
+<td> PrivilegeBits are missing                                </td></tr>
 <tr class="b">
-      
-<td>0049 </td>
-      
-<td>PrivilegeBits already in used </td>
-    </tr>
-    
+<td> 0049              </td>
+<td> PrivilegeBits already in used                            </td></tr>
 <tr class="a">
-      
-<td>0050 </td>
-      
-<td>Singular aggregation is equivalent to existing privilege.</td>
-    </tr>
-    
+<td> 0050              </td>
+<td> Singular aggregation is equivalent to existing privilege.</td></tr>
 <tr class="b">
-      
-<td>0051 </td>
-      
-<td>Declared aggregate X is not a registered privilege </td>
-    </tr>
-    
+<td> 0051              </td>
+<td> Declared aggregate X is not a registered privilege       </td></tr>
 <tr class="a">
-      
-<td>0052 </td>
-      
-<td>Detected circular aggregation </td>
-    </tr>
-    
+<td> 0052              </td>
+<td> Detected circular aggregation                            </td></tr>
 <tr class="b">
-      
-<td>0053 </td>
-      
-<td>Custom aggregate privilege X is already covered. </td>
-    </tr>
-  </tbody>
+<td> 0053              </td>
+<td> Custom aggregate privilege X is already covered.         </td></tr>
+</tbody>
 </table>
-<p><a name="configuration"></a></p></div>
-<div class="section">
-<h3><a name="Configuration"></a>Configuration</h3>
-<p>There are no implementation specific configuration options associated with the privilege management implementation.</p></div></div>
+<a name="configuration"></a>
+### Configuration
+
+<p>There are no implementation specific configuration options associated with the privilege management implementation.</p></div></div></div>
         </div>
       </div>
     </div>

Modified: jackrabbit/site/live/oak/docs/security/privilege/differences.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/privilege/differences.html?rev=1835390&r1=1835389&r2=1835390&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/privilege/differences.html (original)
+++ jackrabbit/site/live/oak/docs/security/privilege/differences.html Mon Jul  9 08:53:17 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-05-24 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-07-09 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180524" />
+    <meta name="Date-Revision-yyyymmdd" content="20180709" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; Privilege Management : Differences wrt Jackrabbit 2.x</title>
     <link rel="stylesheet" href="../../css/apache-maven-fluido-1.6.min.css" />
@@ -136,7 +136,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-05-24<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-07-09<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -240,52 +240,42 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-  --><div class="section">
+  -->
+<div class="section">
 <div class="section">
 <h3><a name="Privilege_Management_:_Differences_wrt_Jackrabbit_2.x"></a>Privilege Management : Differences wrt Jackrabbit 2.x</h3>
 <div class="section">
 <h4><a name="Registration_of_Custom_Privileges"></a>Registration of Custom Privileges</h4>
 <p>As far as registration of custom privileges the Oak implementation behaves different to Jackrabbit 2.x in the following two aspects:</p>
-
 <ul>
-  
+
 <li>Registration of new privileges fails with <tt>IllegalStateException</tt> if the editing session has pending changes.</li>
-  
 <li>Any validation is performed by CommitHooks in order to make sure that modifications made on the Oak API directly is equally verified. Subsequently any violation (permission, privilege consistency) is only detected at the end of the registration process. The privilege manager itself does not perform any validation.</li>
 </ul></div>
 <div class="section">
 <h4><a name="Built-in_Privilege_Definitions"></a>Built-in Privilege Definitions</h4>
 <p>The following changes have been made to built-in privilege definitions:</p>
-
 <ul>
-  
+
 <li>Modifications:
-  
 <ul>
-    
+
 <li><tt>jcr:read</tt> is now an aggregation of <tt>rep:readNodes</tt> and <tt>rep:readProperties</tt></li>
-    
 <li><tt>jcr:modifyProperties</tt> is now an aggregation of <tt>rep:addProperties</tt>, <tt>rep:alterProperties</tt> and <tt>rep:removeProperties</tt></li>
-  </ul></li>
-  
+</ul>
+</li>
 <li>New Privileges defined by Oak 1.0:
-  
 <ul>
-    
+
 <li><tt>rep:userManagement</tt></li>
-    
 <li><tt>rep:readNodes</tt></li>
-    
 <li><tt>rep:readProperties</tt></li>
-    
 <li><tt>rep:addProperties</tt></li>
-    
 <li><tt>rep:alterProperties</tt></li>
-    
 <li><tt>rep:removeProperties</tt></li>
-    
 <li><tt>rep:indexDefinitionManagement</tt></li>
-  </ul></li>
+</ul>
+</li>
 </ul></div></div></div>
         </div>
       </div>

Modified: jackrabbit/site/live/oak/docs/security/privilege/mappingtoitems.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/privilege/mappingtoitems.html?rev=1835390&r1=1835389&r2=1835390&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/privilege/mappingtoitems.html (original)
+++ jackrabbit/site/live/oak/docs/security/privilege/mappingtoitems.html Mon Jul  9 08:53:17 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-05-24 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-07-09 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180524" />
+    <meta name="Date-Revision-yyyymmdd" content="20180709" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; Privilege Management : Mapping Privileges to Items</title>
     <link rel="stylesheet" href="../../css/apache-maven-fluido-1.6.min.css" />
@@ -136,7 +136,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-05-24<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-07-09<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -240,271 +240,156 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-  --><div class="section">
+  -->
+<div class="section">
 <div class="section">
 <h3><a name="Privilege_Management_:_Mapping_Privileges_to_Items"></a>Privilege Management : Mapping Privileges to Items</h3>
 <p>The following table allows to identify which items will be affected by the invididual built in privileges.</p>
 <p>Note: the term <i>regular</i> is used on contrast to <i>protected</i> items that are written using special API calls and thus mandate special privileges or are maintained by the system only and cannot be modified by the API consumer.</p>
 <div class="section">
 <h4><a name="Read"></a>Read</h4>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> Privilege             </th>
+<th> Affected Items                                        </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> rep:readNodes         </td>
+<td> all nodes except for access control content           </td></tr>
 <tr class="a">
-      
-<th>Privilege </th>
-      
-<th>Affected Items </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td>rep:readNodes </td>
-      
-<td>all nodes except for access control content </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>rep:readProperties </td>
-      
-<td>all properties except for access control content </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>jcr:readAccessControl </td>
-      
-<td>all items defining access control content (see below) </td>
-    </tr>
-  </tbody>
+<td> rep:readProperties    </td>
+<td> all properties except for access control content      </td></tr>
+<tr class="b">
+<td> jcr:readAccessControl </td>
+<td> all items defining access control content (see below) </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h4><a name="Writing_Properties"></a>Writing Properties</h4>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>Privilege </th>
-      
-<th>Affected Items </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td>rep:addProperties </td>
-      
-<td>creation of new regular properties </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>rep:alterProperties </td>
-      
-<td>changing existing regular properties </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>rep:removeProperties </td>
-      
-<td>removing existing regular properties </td>
-    </tr>
-  </tbody>
+<th> Privilege             </th>
+<th> Affected Items                                        </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> rep:addProperties     </td>
+<td> creation of new regular properties                    </td></tr>
+<tr class="a">
+<td> rep:alterProperties   </td>
+<td> changing existing regular properties                  </td></tr>
+<tr class="b">
+<td> rep:removeProperties  </td>
+<td> removing existing regular properties                  </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h4><a name="Writing_Nodes"></a>Writing Nodes</h4>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> Privilege             </th>
+<th> Affected Items                                        </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> jcr:addChildNodes     </td>
+<td> granted on parent to create new regular child nodes   </td></tr>
 <tr class="a">
-      
-<th>Privilege </th>
-      
-<th>Affected Items </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td>jcr:addChildNodes </td>
-      
-<td>granted on parent to create new regular child nodes </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:removeChildNodes </td>
-      
-<td>granted on parent to remove regular child nodes </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>rep:removeNode </td>
-      
-<td>required to be granted on regular nodes for removal </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:nodeTypeManagement</td>
-      
-<td>explicitly setting or modifying node type information on a regular (non-protected) node; affected properties are <tt>jcr:primaryType</tt>, <tt>jcr:mixinTypes</tt> </td>
-    </tr>
-  </tbody>
+<td> jcr:removeChildNodes  </td>
+<td> granted on parent to remove regular child nodes       </td></tr>
+<tr class="b">
+<td> rep:removeNode        </td>
+<td> required to be granted on regular nodes for removal   </td></tr>
+<tr class="a">
+<td> jcr:nodeTypeManagement</td>
+<td> explicitly setting or modifying node type information on a regular (non-protected) node; affected properties are <tt>jcr:primaryType</tt>, <tt>jcr:mixinTypes</tt> </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h4><a name="Access_Control_Management"></a>Access Control Management</h4>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> Privilege               </th>
+<th> Affected Items                                      </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> jcr:readAccessControl   </td>
+<td> all items defining access control content [1]       </td></tr>
 <tr class="a">
-      
-<th>Privilege </th>
-      
-<th>Affected Items </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td>jcr:readAccessControl </td>
-      
-<td>all items defining access control content [1] </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:modifyAccessControl </td>
-      
-<td>all items defining access control content [1] </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>rep:privilegeManagement </td>
-      
-<td>implementation specific; in Oak everything below <tt>/jcr:system/rep:privileges</tt> </td>
-    </tr>
-  </tbody>
+<td> jcr:modifyAccessControl </td>
+<td> all items defining access control content [1]       </td></tr>
+<tr class="b">
+<td> rep:privilegeManagement </td>
+<td> implementation specific; in Oak everything below <tt>/jcr:system/rep:privileges</tt> </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h4><a name="Other_Session_and_Workspace_Operations"></a>Other Session and Workspace Operations</h4>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>Privilege </th>
-      
-<th>Affected Items </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td>jcr:versionManagement </td>
-      
-<td>all items defining version content [2] </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:lockManagement </td>
-      
-<td>Properties <tt>jcr:lockIsDeep</tt>, <tt>jcr:lockOwner</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>jcr:lifecycleManagement </td>
-      
-<td><tt>jcr:lifecyclePolicy</tt>, <tt>jcr:currentLifecycleState</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:retentionManagement </td>
-      
-<td>implementation specific, in Jackrabbit 2.x the following properties: <tt>rep:hold</tt>, <tt>rep:retentionPolicy</tt>, Oak: NA </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>rep:userManagement </td>
-      
-<td>all items defining user/group content [3] </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>rep:indexDefinitionManagement </td>
-      
-<td>implementation specific; in Oak trees starting with an <tt>oak:index</tt> node </td>
-    </tr>
-  </tbody>
+<th> Privilege               </th>
+<th> Affected Items                                      </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> jcr:versionManagement   </td>
+<td> all items defining version content [2]              </td></tr>
+<tr class="a">
+<td> jcr:lockManagement      </td>
+<td> Properties <tt>jcr:lockIsDeep</tt>, <tt>jcr:lockOwner</tt>        </td></tr>
+<tr class="b">
+<td> jcr:lifecycleManagement </td>
+<td> <tt>jcr:lifecyclePolicy</tt>, <tt>jcr:currentLifecycleState</tt>  </td></tr>
+<tr class="a">
+<td> jcr:retentionManagement </td>
+<td> implementation specific, in Jackrabbit 2.x the following properties: <tt>rep:hold</tt>, <tt>rep:retentionPolicy</tt>, Oak: NA </td></tr>
+<tr class="b">
+<td> rep:userManagement      </td>
+<td> all items defining user/group content [3]           </td></tr>
+<tr class="a">
+<td> rep:indexDefinitionManagement </td>
+<td> implementation specific; in Oak trees starting with an <tt>oak:index</tt> node </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h4><a name="Repository_Operations"></a>Repository Operations</h4>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> Privilege               </th>
+<th> Affected Items                                      </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> jcr:namespaceManagement </td>
+<td> implementation specific; in Oak everything below <tt>/jcr:system/rep:namespaces</tt> </td></tr>
+<tr class="a">
+<td> jcr:nodeTypeDefinitionManagement </td>
+<td> implementation specific; in Oak everything below <tt>/jcr:system/jcr:nodeTypes</tt> </td></tr>
+<tr class="b">
+<td> rep:privilegeManagement </td>
+<td> implementation specific; in Oak everything below <tt>/jcr:system/rep:privileges</tt> </td></tr>
 <tr class="a">
-      
-<th>Privilege </th>
-      
-<th>Affected Items </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td>jcr:namespaceManagement </td>
-      
-<td>implementation specific; in Oak everything below <tt>/jcr:system/rep:namespaces</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:nodeTypeDefinitionManagement </td>
-      
-<td>implementation specific; in Oak everything below <tt>/jcr:system/jcr:nodeTypes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td>rep:privilegeManagement </td>
-      
-<td>implementation specific; in Oak everything below <tt>/jcr:system/rep:privileges</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td>jcr:workspaceManagement </td>
-      
-<td>NA </td>
-    </tr>
-  </tbody>
+<td> jcr:workspaceManagement </td>
+<td> NA                                                  </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h4><a name="Annotations"></a>Annotations</h4>
-<p>[1] In Oak reading/writing nodes with the following node types provided by the implementations present: <tt>rep:Policy</tt>, <tt>rep:ACL</tt>, <tt>rep:ACE</tt>, <tt>rep:GrantACE</tt>, <tt>rep:DenyACE</tt>, <tt>rep:Restrictions</tt> and <tt>rep:CugPolicy</tt> and all protected items defined therein.  See <a href="../accesscontrol/default.html">Default Access Control Management</a> and <a href="../authorization/cug.html">Managing Access Control with CUG</a>, respectively.</p>
+<p>[1] In Oak reading/writing nodes with the following node types provided by the implementations present: <tt>rep:Policy</tt>, <tt>rep:ACL</tt>, <tt>rep:ACE</tt>, <tt>rep:GrantACE</tt>, <tt>rep:DenyACE</tt>, <tt>rep:Restrictions</tt> and <tt>rep:CugPolicy</tt> and all protected items defined therein. See <a href="../accesscontrol/default.html">Default Access Control Management</a> and <a href="../authorization/cug.html">Managing Access Control with CUG</a>, respectively.</p>
 <p>[2] Granting jcr:versionManagement privilege at a given versionable node will allow writing items through JCR version management API which writes below <tt>/jcr:system/jcr:versionStorage</tt>, <tt>/jcr:system/jcr:activities</tt>, <tt>/jcr:system/jcr:configurations</tt> and the following properties both in the storage(s) and with the versionable node: <tt>jcr:activity</tt>, <tt>jcr:activityTitle</tt>, <tt>jcr:baseVersion</tt>, <tt>jcr:childVersionHistory</tt>, <tt>jcr:configuration</tt>, <tt>jcr:copiedFrom</tt>, <tt>jcr:frozenMixinTypes</tt>, <tt>jcr:frozenPrimaryType</tt>, <tt>jcr:frozenUuid</tt>, <tt>jcr:isCheckedOut</tt>, <tt>jcr:mergeFailed</tt>, <tt>jcr:predecessors</tt>,<tt>jcr:successors</tt>,<tt>jcr:root</tt>,<tt>jcr:versionableUuid</tt>, <tt>jcr:versionHistory</tt></p>
 <p>[3] in Oak creating nodes with the following primary types: <tt>rep:User</tt>, <tt>rep:SystemUser</tt>, <tt>rep:Group</tt>, <tt>rep:Impersonatable</tt>, <tt>rep:Members</tt>, <tt>rep:MemberReferences</tt>, <tt>rep:MemberReferencesList</tt>, <tt>rep:Password</tt> and all protected properties defined therein</p></div></div></div>
         </div>

Modified: jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html?rev=1835390&r1=1835389&r2=1835390&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html (original)
+++ jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html Mon Jul  9 08:53:17 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-05-24 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-07-09 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180524" />
+    <meta name="Date-Revision-yyyymmdd" content="20180709" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; Privilege Management : Mapping API Calls to Privileges</title>
     <link rel="stylesheet" href="../../css/apache-maven-fluido-1.6.min.css" />
@@ -136,7 +136,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-05-24<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-07-09<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -240,7 +240,8 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-  --><div class="section">
+  -->
+<div class="section">
 <div class="section">
 <h3><a name="Privilege_Management_:_Mapping_API_Calls_to_Privileges"></a>Privilege Management : Mapping API Calls to Privileges</h3>
 <p>The following table allows to identify which API calls require which type of privilege(s)</p>
@@ -248,1333 +249,660 @@
 <h4><a name="Transient_Operations"></a>Transient Operations</h4>
 <div class="section">
 <h5><a name="Read"></a>Read</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Session.itemExists</tt>                         </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Session.getItem</tt>                            </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Session.nodeExists</tt>                         </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Session.nodeExists</tt>                         </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Session.getNode</tt>                            </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Session.getRootNode</tt>                        </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Session.getNodeByUUID</tt>                      </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Session.getNodeByIdentifier</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Session.getNode</tt>                            </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Session.propertyExists</tt>                     </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Session.getProperty</tt>                        </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Item.getParent</tt>                             </td>
+<td> <tt>rep:readNodes</tt> on parent      </td></tr>
+<tr class="b">
+<td> <tt>Item.getAncestor</tt>                           </td>
+<td> <tt>rep:readNodes</tt> on ancestor    </td></tr>
+<tr class="a">
+<td> <tt>Node.hasNode</tt>                               </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Node.hasNodes</tt>                              </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Node.getNode</tt>                               </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Node.getNodes</tt>                              </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Node.hasProperty</tt>                           </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.hasProperties</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getProperty</tt>                           </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.getProperties</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Session.itemExists</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.getItem</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.nodeExists</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.nodeExists</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.getRootNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getNodeByUUID</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.getNodeByIdentifier</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.propertyExists</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getProperty</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Item.getParent</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on parent </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Item.getAncestor</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on ancestor </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.hasNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.hasNodes</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getNodes</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.hasProperty</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.hasProperties</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getProperty</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getProperties</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getUUID</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getIdentifier</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getReferences</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getWeakReferences</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getPrimaryItem</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getPrimaryNodeType</tt> </td>
-      
-<td><tt>rep:readProperties</tt> on jcr:primaryType </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getMixinNodeTypes</tt> </td>
-      
-<td><tt>rep:readProperties</tt> on jcr:mixinTypes </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.getValue</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Property.getValues</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.get*</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Property.getNode</tt> </td>
-      
-<td><tt>rep:readProperties</tt>, <tt>rep:readNodes</tt> on ref-target </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.exportSystemView</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.exportDocumentView</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Node.getUUID</tt>                               </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.getIdentifier</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getReferences</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.getWeakReferences</tt>                     </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getPrimaryItem</tt>                        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Node.getPrimaryNodeType</tt>                    </td>
+<td> <tt>rep:readProperties</tt> on jcr:primaryType </td></tr>
+<tr class="a">
+<td> <tt>Node.getMixinNodeTypes</tt>                     </td>
+<td> <tt>rep:readProperties</tt> on jcr:mixinTypes </td></tr>
+<tr class="b">
+<td> <tt>Property.getValue</tt>                          </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Property.getValues</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Property.get*</tt>                              </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Property.getNode</tt>                           </td>
+<td> <tt>rep:readProperties</tt>, <tt>rep:readNodes</tt> on ref-target </td></tr>
+<tr class="b">
+<td> <tt>Session.exportSystemView</tt>                   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Session.exportDocumentView</tt>                 </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Writing_Properties"></a>Writing Properties</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.setProperty</tt> (new)                     </td>
+<td> <tt>rep:addProperties</tt>            </td></tr>
+<tr class="a">
+<td> <tt>Node.setProperty</tt> (existing)                </td>
+<td> <tt>rep:alterProperties</tt>          </td></tr>
+<tr class="b">
+<td> <tt>Property.setValue</tt>                          </td>
+<td> <tt>rep:alterProperties</tt>          </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.setProperty</tt> (new) </td>
-      
-<td><tt>rep:addProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.setProperty</tt> (existing) </td>
-      
-<td><tt>rep:alterProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.setValue</tt> </td>
-      
-<td><tt>rep:alterProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Property.remove</tt> </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.setProperty(String, null)</tt> </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>JackrabbitSession.removeItem</tt> (item is a property) </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Property.remove</tt>                            </td>
+<td> <tt>rep:removeProperties</tt>         </td></tr>
+<tr class="b">
+<td> <tt>Node.setProperty(String, null)</tt>             </td>
+<td> <tt>rep:removeProperties</tt>         </td></tr>
+<tr class="a">
+<td> <tt>JackrabbitSession.removeItem</tt> (item is a property) </td>
+<td> <tt>rep:removeProperties</tt>  </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Writing_Nodes"></a>Writing Nodes</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.addNode(String)</tt> </td>
-      
-<td><tt>jcr:addChildNodes</tt> (on parent) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.remove</tt> </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>JackrabbitSession.removeItem</tt> (if item is a node) </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.addNode(String, String)</tt> </td>
-      
-<td><tt>jcr:addChildNodes</tt> (on parent), <tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.setPrimaryType</tt> </td>
-      
-<td><tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.addMixin</tt> </td>
-      
-<td><tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.removeMixin</tt> </td>
-      
-<td><tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.orderBefore</tt> </td>
-      
-<td><tt>jcr:addChildNodes</tt> and <tt>jcr:removeChildNodes</tt> (on parent) </td>
-    </tr>
-  </tbody>
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.addNode(String)</tt>                       </td>
+<td> <tt>jcr:addChildNodes</tt> (on parent) </td></tr>
+<tr class="a">
+<td> <tt>Node.remove</tt>                                </td>
+<td> <tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td></tr>
+<tr class="b">
+<td> <tt>JackrabbitSession.removeItem</tt> (if item is a node) </td>
+<td> <tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td></tr>
+<tr class="a">
+<td> <tt>Node.addNode(String, String)</tt>               </td>
+<td> <tt>jcr:addChildNodes</tt> (on parent), <tt>jcr:nodeTypeManagement</tt> </td></tr>
+<tr class="b">
+<td> <tt>Node.setPrimaryType</tt>                        </td>
+<td> <tt>jcr:nodeTypeManagement</tt>       </td></tr>
+<tr class="a">
+<td> <tt>Node.addMixin</tt>                              </td>
+<td> <tt>jcr:nodeTypeManagement</tt>       </td></tr>
+<tr class="b">
+<td> <tt>Node.removeMixin</tt>                           </td>
+<td> <tt>jcr:nodeTypeManagement</tt>       </td></tr>
+<tr class="a">
+<td> <tt>Node.orderBefore</tt>                           </td>
+<td> <tt>jcr:addChildNodes</tt> and <tt>jcr:removeChildNodes</tt> (on parent) </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Writing_Index_Definition"></a>Writing Index Definition</h5>
 <p>While covered by regular JCR API write operations the target items require a dedicated privilege despite the fact that the item definitions are not protected (see Oak JIRA for corresponding discussions).</p>
 <p>All items located within a path that contains <tt>oak:index</tt> will be considered part of the special index definition.</p>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.addNode(String, String)</tt>               </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.addNode(String, String)</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.addNode(String)</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.orderBefore</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.setProperty</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.setValue</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Item.remove</tt> (i.e. Node and Property) </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>JackrabbitSession.removeItem</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-  </tbody>
+<td> <tt>Node.addNode(String)</tt>                       </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="b">
+<td> <tt>Node.orderBefore</tt>                           </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="a">
+<td> <tt>Node.setProperty</tt>                           </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="b">
+<td> <tt>Property.setValue</tt>                          </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="a">
+<td> <tt>Item.remove</tt> (i.e. Node and Property)       </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="b">
+<td> <tt>JackrabbitSession.removeItem</tt>               </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Move_and_Import"></a>Move and Import</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Session.move</tt> </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.importXml</tt> </td>
-      
-<td>same privileges as if items would be created using regular API calls </td>
-    </tr>
-  </tbody>
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Session.move</tt>                               </td>
+<td> <tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td></tr>
+<tr class="a">
+<td> <tt>Session.importXml</tt>                          </td>
+<td> same privileges as if items would be created using regular API calls </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Access_Control_Management"></a>Access Control Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>AccessControlManager.getApplicablePolicies</tt> </td>
+<td> <tt>jcr:readAccessControl</tt>        </td></tr>
+<tr class="a">
+<td> <tt>AccessControlManager.getPolicies</tt>           </td>
+<td> <tt>jcr:readAccessControl</tt>        </td></tr>
+<tr class="b">
+<td> <tt>AccessControlManager.getEffectivePolicies</tt>  </td>
+<td> <tt>jcr:readAccessControl</tt>        </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>AccessControlManager.getApplicablePolicies</tt> </td>
-      
-<td><tt>jcr:readAccessControl</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>AccessControlManager.getPolicies</tt> </td>
-      
-<td><tt>jcr:readAccessControl</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>AccessControlManager.getEffectivePolicies</tt> </td>
-      
-<td><tt>jcr:readAccessControl</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>AccessControlManager.setPolicy</tt> </td>
-      
-<td><tt>jcr:modifyAccessControl</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>AccessControlManager.removePolicy</tt> </td>
-      
-<td><tt>jcr:modifyAccessControl</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>PrivilegeManager.registerPrivilege</tt> </td>
-      
-<td><tt>rep:privilegeManagent</tt> at &#x2018;null&#x2019; path </td>
-    </tr>
-  </tbody>
+<td> <tt>AccessControlManager.setPolicy</tt>             </td>
+<td> <tt>jcr:modifyAccessControl</tt>      </td></tr>
+<tr class="b">
+<td> <tt>AccessControlManager.removePolicy</tt>          </td>
+<td> <tt>jcr:modifyAccessControl</tt>      </td></tr>
+<tr class="a">
+<td> <tt>PrivilegeManager.registerPrivilege</tt>         </td>
+<td> <tt>rep:privilegeManagent</tt> at &#x2018;null&#x2019; path </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="User_Management"></a>User Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>UserManager.getAuthorizable</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>UserManager.findAuthorizable</tt>               </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>UserManager.createUser</tt>                     </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>UserManager.createSystemUser</tt>               </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>UserManager.createGroup</tt>                    </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>User.isDisabled</tt>                            </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>User.getDisabledReason</tt>                     </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>User.disable</tt>                               </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>User.changePassword</tt>                        </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>User.getCredentials</tt>                        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>User.getImpersonation</tt>                      </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Impersonation.getImpersonators</tt>             </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Impersonation.allows</tt>                       </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Impersonation.grantImpersonation</tt>           </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Impersonation.revokeImpersonation</tt>          </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>UserManager.getAuthorizable</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>UserManager.findAuthorizable</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>UserManager.createUser</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>UserManager.createSystemUser</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>UserManager.createGroup</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>User.isDisabled</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>User.getDisabledReason</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>User.disable</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>User.changePassword</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>User.getCredentials</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>User.getImpersonation</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Impersonation.getImpersonators</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Impersonation.allows</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Impersonation.grantImpersonation</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Impersonation.revokeImpersonation</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Group.getDeclaredMembers</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Group.getMembers</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Group.isDeclaredMember</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Group.isMember</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Group.addMember</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Group.removeMember</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getID</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.getPrincipal</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getPath</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.declaredMemberOf</tt> </td>
-      
-<td><tt>jcr:read</tt> (on groups listing this user/group as member) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.memberOf</tt> </td>
-      
-<td><tt>jcr:read</tt> (on groups listing this user/group as member) </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.remove</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getPropertyNames</tt> </td>
-      
-<td><tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.hasProperty</tt> </td>
-      
-<td><tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getProperty</tt> </td>
-      
-<td><tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
-      
-<td> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.setProperty</tt> (no relPath) </td>
-      
-<td><tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.setProperty</tt> (with relPath </td>
-      
-<td><tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt>, <tt>jcr:addChildNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.removeProperty</tt> </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Group.getDeclaredMembers</tt>                   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Group.getMembers</tt>                           </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Group.isDeclaredMember</tt>                     </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Group.isMember</tt>                             </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Group.addMember</tt>                            </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Group.removeMember</tt>                         </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getID</tt>                         </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.getPrincipal</tt>                  </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getPath</tt>                       </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.declaredMemberOf</tt>              </td>
+<td> <tt>jcr:read</tt> (on groups listing this user/group as member) </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.memberOf</tt>                      </td>
+<td> <tt>jcr:read</tt> (on groups listing this user/group as member) </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.remove</tt>                        </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getPropertyNames</tt>              </td>
+<td> <tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.hasProperty</tt>                   </td>
+<td> <tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getProperty</tt>                   </td>
+<td> <tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
+<td>                     </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.setProperty</tt> (no relPath)      </td>
+<td> <tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt> </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.setProperty</tt> (with relPath     </td>
+<td> <tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt>, <tt>jcr:addChildNodes</tt> </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.removeProperty</tt>                </td>
+<td> <tt>rep:removeProperties</tt>         </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="LifeCycle_Management"></a>LifeCycle Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.followLifecycleTransition</tt> </td>
-      
-<td><tt>jcr:lifecycleManagement</tt> </td>
-    </tr>
-  </tbody>
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.followLifecycleTransition</tt>             </td>
+<td> <tt>jcr:lifecycleManagement</tt>      </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Retention_Management"></a>Retention Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>RetentionManager.getHolds</tt>                  </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>RetentionManager.getRetentionPolicy</tt>        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>RetentionManager.addHold</tt>                   </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>RetentionManager.getHolds</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>RetentionManager.getRetentionPolicy</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>RetentionManager.addHold</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>RetentionManager.removeHold</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>RetentionManager.setRetentionPolicy</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>RetentionManager.removeRetentionPolicy</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>RetentionManager.removeHold</tt>                </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+<tr class="b">
+<td> <tt>RetentionManager.setRetentionPolicy</tt>        </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+<tr class="a">
+<td> <tt>RetentionManager.removeRetentionPolicy</tt>     </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+</tbody>
 </table></div></div>
 <div class="section">
 <h4><a name="Workspace_Operations"></a>Workspace Operations</h4>
 <div class="section">
 <h5><a name="Move_Copy_and_Import"></a>Move, Copy and Import</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Workspace.move</tt> </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Workspace.copy</tt> </td>
-      
-<td>same privileges as if items would be created using regular API calls </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Workspace.importXml</tt> </td>
-      
-<td>same privileges as if items would be created using regular API calls </td>
-    </tr>
-  </tbody>
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Workspace.move</tt>                             </td>
+<td> <tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td></tr>
+<tr class="a">
+<td> <tt>Workspace.copy</tt>                             </td>
+<td> same privileges as if items would be created using regular API calls </td></tr>
+<tr class="b">
+<td> <tt>Workspace.importXml</tt>                        </td>
+<td> same privileges as if items would be created using regular API calls </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Version_Management"></a>Version Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>VersionManager.isCheckedOut</tt>                </td>
+<td> <tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:isCheckedOut</tt> </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.getVersionHistory</tt>           </td>
+<td> <tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:versionHistory</tt> </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.getBaseVersion</tt>              </td>
+<td> <tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:baseVersion</tt> </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.checkin</tt>                     </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.checkout</tt>                    </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.checkpoint</tt>                  </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.restore</tt>                     </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.restoreByLabel</tt>              </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.merge</tt>                       </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.cancelMerge</tt>                 </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.doneMerge</tt>                   </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.createConfiguration</tt>         </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.setActivity</tt>                 </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.createActivity</tt>              </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.removeActivity</tt>              </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionHistory.*</tt> (read)                    </td>
+<td> <tt>rep:readNodes</tt> on versionable node </td></tr>
+<tr class="b">
+<td> <tt>VersionHistory.removeVersion</tt>               </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.isCheckedOut</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:isCheckedOut</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.getVersionHistory</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:versionHistory</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.getBaseVersion</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:baseVersion</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.checkin</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.checkout</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.checkpoint</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.restore</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.restoreByLabel</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.merge</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.cancelMerge</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.doneMerge</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.createConfiguration</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.setActivity</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.createActivity</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.removeActivity</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionHistory.*</tt> (read) </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionHistory.removeVersion</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Version.*</tt> (read) </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node </td>
-    </tr>
-  </tbody>
+<td> <tt>Version.*</tt> (read)                           </td>
+<td> <tt>rep:readNodes</tt> on versionable node </td></tr>
+</tbody>
 </table>
 <p>NOTE: since Oak 1.0 read/write access to version storage is defined by accessibility of the versionable node and <i>not</i> to the version store items.</p></div>
 <div class="section">
 <h5><a name="Lock_Management"></a>Lock Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>LockManager.getLock</tt> = <tt>Node.getLock</tt>       </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>LockManager.getLock</tt> = <tt>Node.getLock</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>LockManager.isLocked</tt> = <tt>Node.isLocked</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>LockManager.holdsLock</tt> = <tt>Node.holdsLock</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>LockManager.lock</tt> = <tt>Node.lock</tt> </td>
-      
-<td><tt>jcr:lockManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>LockManager.unlock</tt> = <tt>Node.unlock</tt> </td>
-      
-<td><tt>jcr:lockManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>LockManager.isLocked</tt> = <tt>Node.isLocked</tt>     </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>LockManager.holdsLock</tt> = <tt>Node.holdsLock</tt>   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>LockManager.lock</tt> = <tt>Node.lock</tt>             </td>
+<td> <tt>jcr:lockManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>LockManager.unlock</tt> = <tt>Node.unlock</tt>         </td>
+<td> <tt>jcr:lockManagement</tt>           </td></tr>
+</tbody>
 </table></div></div>
 <div class="section">
 <h4><a name="Repository_Operations"></a>Repository Operations</h4>
 <p>Note: privileges for repository operations need to be granted|denied on the <i>null</i> path.</p>
 <div class="section">
 <h5><a name="Namespace_Management"></a>Namespace Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>NamespaceRegistry.getPrefix</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NamespaceRegistry.getPrefixes</tt>              </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NamespaceRegistry.getURI</tt>                   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>NamespaceRegistry.getPrefix</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NamespaceRegistry.getPrefixes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NamespaceRegistry.getURI</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NamespaceRegistry.getURIs</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NamespaceRegistry.registerNamespace</tt> </td>
-      
-<td><tt>jcr:namespaceManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NamespaceRegistry.unregisterNamespace</tt> </td>
-      
-<td><tt>jcr:namespaceManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>NamespaceRegistry.getURIs</tt>                  </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NamespaceRegistry.registerNamespace</tt>        </td>
+<td> <tt>jcr:namespaceManagement</tt>      </td></tr>
+<tr class="a">
+<td> <tt>NamespaceRegistry.unregisterNamespace</tt>      </td>
+<td> <tt>jcr:namespaceManagement</tt>      </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="NodeType_Management"></a>NodeType Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>NodeTypeManager.hasNodeType</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.hasNodeType</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.getNodeType</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.getAllNodeTypes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.getPrimaryNodeTypes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.getMixinNodeTypes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.createNodeTypeTemplate</tt> </td>
-      
-<td>NA </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.createNodeDefinitionTemplate</tt> </td>
-      
-<td>NA </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.createPropertyDefinitionTemplate</tt> </td>
-      
-<td>NA </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.registerNodeType</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.registerNodeTypes</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.unregisterNodeType</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.unregisterNodeTypes</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>NodeTypeManager.getNodeType</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.getAllNodeTypes</tt>            </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.getPrimaryNodeTypes</tt>        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.getMixinNodeTypes</tt>          </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.createNodeTypeTemplate</tt>     </td>
+<td> NA                             </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.createNodeDefinitionTemplate</tt>     </td>
+<td> NA                       </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.createPropertyDefinitionTemplate</tt> </td>
+<td> NA                       </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.registerNodeType</tt>           </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.registerNodeTypes</tt>          </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.unregisterNodeType</tt>         </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.unregisterNodeTypes</tt>        </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Privilege_Management"></a>Privilege Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>PrivilegeManager.getRegisteredPrivileges</tt>   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>PrivilegeManager.getRegisteredPrivileges</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>PrivilegeManager.getPrivilege</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>PrivilegeManager.registerPrivilege</tt> </td>
-      
-<td><tt>rep:privilegeManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>PrivilegeManager.getPrivilege</tt>              </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>PrivilegeManager.registerPrivilege</tt>         </td>
+<td> <tt>rep:privilegeManagement</tt>      </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Workspace_Management"></a>Workspace Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Workspace.createWorkspace</tt>                  </td>
+<td> <tt>jcr:workspaceManagement</tt>      </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Workspace.createWorkspace</tt> </td>
-      
-<td><tt>jcr:workspaceManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Workspace.deleteWorkspace</tt> </td>
-      
-<td><tt>jcr:workspaceManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Workspace.deleteWorkspace</tt>                  </td>
+<td> <tt>jcr:workspaceManagement</tt>      </td></tr>
+</tbody>
 </table></div></div></div></div>
         </div>
       </div>



Mime
View raw message