jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mreut...@apache.org
Subject svn commit: r1838623 [20/22] - in /jackrabbit/site/live/oak/docs: ./ architecture/ coldstandby/ features/ nodestore/ nodestore/document/ nodestore/segment/ oak-mongo-js/ oak_api/ plugins/ query/ security/ security/accesscontrol/ security/authentication...
Date Wed, 22 Aug 2018 09:33:51 GMT
Modified: jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html?rev=1838623&r1=1838622&r2=1838623&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html (original)
+++ jackrabbit/site/live/oak/docs/security/privilege/mappingtoprivileges.html Wed Aug 22 09:33:49 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-02-21 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-08-22 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180221" />
+    <meta name="Date-Revision-yyyymmdd" content="20180822" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; Privilege Management : Mapping API Calls to Privileges</title>
     <link rel="stylesheet" href="../../css/apache-maven-fluido-1.6.min.css" />
@@ -52,6 +52,7 @@
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Main APIs <b class="caret"></b></a>
         <ul class="dropdown-menu">
             <li><a href="http://www.day.com/specs/jcr/2.0/index.html" title="JCR API">JCR API</a></li>
+            <li><a href="https://jackrabbit.apache.org/jcr/jcr-api.html" title="Jackrabbit API">Jackrabbit API</a></li>
             <li><a href="../../oak_api/overview.html" title="Oak API">Oak API</a></li>
         </ul>
       </li>
@@ -66,7 +67,12 @@
                   <li><a href="../../nodestore/compositens.html" title="Composite NodeStore">Composite NodeStore</a></li>
               </ul>
             </li>
-            <li><a href="../../plugins/blobstore.html" title="Blob Storage">Blob Storage</a></li>
+            <li class="dropdown-submenu">
+<a href="../../plugins/blobstore.html" title="Blob Storage">Blob Storage</a>
+              <ul class="dropdown-menu">
+                  <li><a href="../../features/direct-binary-access.html" title="Direct Binary Access">Direct Binary Access</a></li>
+              </ul>
+            </li>
             <li class="dropdown-submenu">
 <a href="../../query/query.html" title="Query">Query</a>
               <ul class="dropdown-menu">
@@ -136,7 +142,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-02-21<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-08-22<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -155,12 +161,14 @@
     <li><a href="../../architecture/nodestate.html" title="The Node State Model"><span class="none"></span>The Node State Model</a>  </li>
           <li class="nav-header">Main APIs</li>
     <li><a href="http://www.day.com/specs/jcr/2.0/index.html" class="externalLink" title="JCR API"><span class="none"></span>JCR API</a>  </li>
+    <li><a href="https://jackrabbit.apache.org/jcr/jcr-api.html" class="externalLink" title="Jackrabbit API"><span class="none"></span>Jackrabbit API</a>  </li>
     <li><a href="../../oak_api/overview.html" title="Oak API"><span class="none"></span>Oak API</a>  </li>
           <li class="nav-header">Features and Plugins</li>
     <li><a href="../../nodestore/overview.html" title="Node Storage"><span class="icon-chevron-down"></span>Node Storage</a>
       <ul class="nav nav-list">
     <li><a href="../../nodestore/documentmk.html" title="Document NodeStore"><span class="icon-chevron-down"></span>Document NodeStore</a>
       <ul class="nav nav-list">
+    <li><a href="../../nodestore/document/mongo-document-store.html" title="MongoDB DocumentStore"><span class="none"></span>MongoDB DocumentStore</a>  </li>
     <li><a href="../../nodestore/document/node-bundling.html" title="Node Bundling"><span class="none"></span>Node Bundling</a>  </li>
     <li><a href="../../nodestore/document/secondary-store.html" title="Secondary Store"><span class="none"></span>Secondary Store</a>  </li>
     <li><a href="../../nodestore/persistent-cache.html" title="Persistent Cache"><span class="none"></span>Persistent Cache</a>  </li>
@@ -171,7 +179,11 @@
     <li><a href="../../nodestore/compositens.html" title="Composite NodeStore"><span class="none"></span>Composite NodeStore</a>  </li>
       </ul>
   </li>
-    <li><a href="../../plugins/blobstore.html" title="Blob Storage"><span class="none"></span>Blob Storage</a>  </li>
+    <li><a href="../../plugins/blobstore.html" title="Blob Storage"><span class="icon-chevron-down"></span>Blob Storage</a>
+      <ul class="nav nav-list">
+    <li><a href="../../features/direct-binary-access.html" title="Direct Binary Access"><span class="none"></span>Direct Binary Access</a>  </li>
+      </ul>
+  </li>
     <li><a href="../../query/query.html" title="Query"><span class="icon-chevron-down"></span>Query</a>
       <ul class="nav nav-list">
     <li><a href="../../query/query-engine.html" title="Query Engine"><span class="none"></span>Query Engine</a>  </li>
@@ -239,7 +251,8 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-  --><div class="section">
+  -->
+<div class="section">
 <div class="section">
 <h3><a name="Privilege_Management_:_Mapping_API_Calls_to_Privileges"></a>Privilege Management : Mapping API Calls to Privileges</h3>
 <p>The following table allows to identify which API calls require which type of privilege(s)</p>
@@ -247,1333 +260,660 @@
 <h4><a name="Transient_Operations"></a>Transient Operations</h4>
 <div class="section">
 <h5><a name="Read"></a>Read</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Session.itemExists</tt>                         </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Session.getItem</tt>                            </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Session.nodeExists</tt>                         </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Session.nodeExists</tt>                         </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Session.getNode</tt>                            </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Session.getRootNode</tt>                        </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Session.getNodeByUUID</tt>                      </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Session.getNodeByIdentifier</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Session.getNode</tt>                            </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Session.propertyExists</tt>                     </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Session.getProperty</tt>                        </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Item.getParent</tt>                             </td>
+<td> <tt>rep:readNodes</tt> on parent      </td></tr>
+<tr class="b">
+<td> <tt>Item.getAncestor</tt>                           </td>
+<td> <tt>rep:readNodes</tt> on ancestor    </td></tr>
+<tr class="a">
+<td> <tt>Node.hasNode</tt>                               </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Node.hasNodes</tt>                              </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Node.getNode</tt>                               </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="b">
+<td> <tt>Node.getNodes</tt>                              </td>
+<td> <tt>rep:readNodes</tt>                </td></tr>
+<tr class="a">
+<td> <tt>Node.hasProperty</tt>                           </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.hasProperties</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getProperty</tt>                           </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.getProperties</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getUUID</tt>                               </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.getIdentifier</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getReferences</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Node.getWeakReferences</tt>                     </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Node.getPrimaryItem</tt>                        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Node.getPrimaryNodeType</tt>                    </td>
+<td> <tt>rep:readProperties</tt> on jcr:primaryType </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Session.itemExists</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.getItem</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.nodeExists</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.nodeExists</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.getRootNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getNodeByUUID</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.getNodeByIdentifier</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.propertyExists</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.getProperty</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Item.getParent</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on parent </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Item.getAncestor</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on ancestor </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.hasNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.hasNodes</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getNode</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getNodes</tt> </td>
-      
-<td><tt>rep:readNodes</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.hasProperty</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.hasProperties</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getProperty</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getProperties</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getUUID</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getIdentifier</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getReferences</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getWeakReferences</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getPrimaryItem</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.getPrimaryNodeType</tt> </td>
-      
-<td><tt>rep:readProperties</tt> on jcr:primaryType </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.getMixinNodeTypes</tt> </td>
-      
-<td><tt>rep:readProperties</tt> on jcr:mixinTypes </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.getValue</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Property.getValues</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.get*</tt> </td>
-      
-<td><tt>rep:readProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Property.getNode</tt> </td>
-      
-<td><tt>rep:readProperties</tt>, <tt>rep:readNodes</tt> on ref-target </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Session.exportSystemView</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.exportDocumentView</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Node.getMixinNodeTypes</tt>                     </td>
+<td> <tt>rep:readProperties</tt> on jcr:mixinTypes </td></tr>
+<tr class="b">
+<td> <tt>Property.getValue</tt>                          </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Property.getValues</tt>                         </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Property.get*</tt>                              </td>
+<td> <tt>rep:readProperties</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Property.getNode</tt>                           </td>
+<td> <tt>rep:readProperties</tt>, <tt>rep:readNodes</tt> on ref-target </td></tr>
+<tr class="b">
+<td> <tt>Session.exportSystemView</tt>                   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Session.exportDocumentView</tt>                 </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Writing_Properties"></a>Writing Properties</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.setProperty</tt> (new)                     </td>
+<td> <tt>rep:addProperties</tt>            </td></tr>
+<tr class="a">
+<td> <tt>Node.setProperty</tt> (existing)                </td>
+<td> <tt>rep:alterProperties</tt>          </td></tr>
+<tr class="b">
+<td> <tt>Property.setValue</tt>                          </td>
+<td> <tt>rep:alterProperties</tt>          </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.setProperty</tt> (new) </td>
-      
-<td><tt>rep:addProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.setProperty</tt> (existing) </td>
-      
-<td><tt>rep:alterProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.setValue</tt> </td>
-      
-<td><tt>rep:alterProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Property.remove</tt> </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.setProperty(String, null)</tt> </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>JackrabbitSession.removeItem</tt> (item is a property) </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Property.remove</tt>                            </td>
+<td> <tt>rep:removeProperties</tt>         </td></tr>
+<tr class="b">
+<td> <tt>Node.setProperty(String, null)</tt>             </td>
+<td> <tt>rep:removeProperties</tt>         </td></tr>
+<tr class="a">
+<td> <tt>JackrabbitSession.removeItem</tt> (item is a property) </td>
+<td> <tt>rep:removeProperties</tt>  </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Writing_Nodes"></a>Writing Nodes</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.addNode(String)</tt>                       </td>
+<td> <tt>jcr:addChildNodes</tt> (on parent) </td></tr>
+<tr class="a">
+<td> <tt>Node.remove</tt>                                </td>
+<td> <tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td></tr>
+<tr class="b">
+<td> <tt>JackrabbitSession.removeItem</tt> (if item is a node) </td>
+<td> <tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td></tr>
+<tr class="a">
+<td> <tt>Node.addNode(String, String)</tt>               </td>
+<td> <tt>jcr:addChildNodes</tt> (on parent), <tt>jcr:nodeTypeManagement</tt> </td></tr>
+<tr class="b">
+<td> <tt>Node.setPrimaryType</tt>                        </td>
+<td> <tt>jcr:nodeTypeManagement</tt>       </td></tr>
+<tr class="a">
+<td> <tt>Node.addMixin</tt>                              </td>
+<td> <tt>jcr:nodeTypeManagement</tt>       </td></tr>
+<tr class="b">
+<td> <tt>Node.removeMixin</tt>                           </td>
+<td> <tt>jcr:nodeTypeManagement</tt>       </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.addNode(String)</tt> </td>
-      
-<td><tt>jcr:addChildNodes</tt> (on parent) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.remove</tt> </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>JackrabbitSession.removeItem</tt> (if item is a node) </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (on parent), <tt>jcr:removeNode</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.addNode(String, String)</tt> </td>
-      
-<td><tt>jcr:addChildNodes</tt> (on parent), <tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.setPrimaryType</tt> </td>
-      
-<td><tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.addMixin</tt> </td>
-      
-<td><tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.removeMixin</tt> </td>
-      
-<td><tt>jcr:nodeTypeManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.orderBefore</tt> </td>
-      
-<td><tt>jcr:addChildNodes</tt> and <tt>jcr:removeChildNodes</tt> (on parent) </td>
-    </tr>
-  </tbody>
+<td> <tt>Node.orderBefore</tt>                           </td>
+<td> <tt>jcr:addChildNodes</tt> and <tt>jcr:removeChildNodes</tt> (on parent) </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Writing_Index_Definition"></a>Writing Index Definition</h5>
 <p>While covered by regular JCR API write operations the target items require a dedicated privilege despite the fact that the item definitions are not protected (see Oak JIRA for corresponding discussions).</p>
 <p>All items located within a path that contains <tt>oak:index</tt> will be considered part of the special index definition.</p>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.addNode(String, String)</tt>               </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="a">
+<td> <tt>Node.addNode(String)</tt>                       </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="b">
+<td> <tt>Node.orderBefore</tt>                           </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.addNode(String, String)</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.addNode(String)</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Node.orderBefore</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Node.setProperty</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Property.setValue</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Item.remove</tt> (i.e. Node and Property) </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>JackrabbitSession.removeItem</tt> </td>
-      
-<td><tt>rep:indexDefinitionManagement</tt></td>
-    </tr>
-  </tbody>
+<td> <tt>Node.setProperty</tt>                           </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="b">
+<td> <tt>Property.setValue</tt>                          </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="a">
+<td> <tt>Item.remove</tt> (i.e. Node and Property)       </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+<tr class="b">
+<td> <tt>JackrabbitSession.removeItem</tt>               </td>
+<td> <tt>rep:indexDefinitionManagement</tt></td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Move_and_Import"></a>Move and Import</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Session.move</tt>                               </td>
+<td> <tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Session.move</tt> </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Session.importXml</tt> </td>
-      
-<td>same privileges as if items would be created using regular API calls </td>
-    </tr>
-  </tbody>
+<td> <tt>Session.importXml</tt>                          </td>
+<td> same privileges as if items would be created using regular API calls </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Access_Control_Management"></a>Access Control Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>AccessControlManager.getApplicablePolicies</tt> </td>
+<td> <tt>jcr:readAccessControl</tt>        </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>AccessControlManager.getApplicablePolicies</tt> </td>
-      
-<td><tt>jcr:readAccessControl</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>AccessControlManager.getPolicies</tt> </td>
-      
-<td><tt>jcr:readAccessControl</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>AccessControlManager.getEffectivePolicies</tt> </td>
-      
-<td><tt>jcr:readAccessControl</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>AccessControlManager.setPolicy</tt> </td>
-      
-<td><tt>jcr:modifyAccessControl</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>AccessControlManager.removePolicy</tt> </td>
-      
-<td><tt>jcr:modifyAccessControl</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>PrivilegeManager.registerPrivilege</tt> </td>
-      
-<td><tt>rep:privilegeManagent</tt> at &#x2018;null&#x2019; path </td>
-    </tr>
-  </tbody>
+<td> <tt>AccessControlManager.getPolicies</tt>           </td>
+<td> <tt>jcr:readAccessControl</tt>        </td></tr>
+<tr class="b">
+<td> <tt>AccessControlManager.getEffectivePolicies</tt>  </td>
+<td> <tt>jcr:readAccessControl</tt>        </td></tr>
+<tr class="a">
+<td> <tt>AccessControlManager.setPolicy</tt>             </td>
+<td> <tt>jcr:modifyAccessControl</tt>      </td></tr>
+<tr class="b">
+<td> <tt>AccessControlManager.removePolicy</tt>          </td>
+<td> <tt>jcr:modifyAccessControl</tt>      </td></tr>
+<tr class="a">
+<td> <tt>PrivilegeManager.registerPrivilege</tt>         </td>
+<td> <tt>rep:privilegeManagent</tt> at &#x2018;null&#x2019; path </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="User_Management"></a>User Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>UserManager.getAuthorizable</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>UserManager.findAuthorizable</tt>               </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>UserManager.createUser</tt>                     </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>UserManager.createSystemUser</tt>               </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>UserManager.createGroup</tt>                    </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>User.isDisabled</tt>                            </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>User.getDisabledReason</tt>                     </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>User.disable</tt>                               </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>User.changePassword</tt>                        </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>User.getCredentials</tt>                        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>User.getImpersonation</tt>                      </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>UserManager.getAuthorizable</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>UserManager.findAuthorizable</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>UserManager.createUser</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>UserManager.createSystemUser</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>UserManager.createGroup</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>User.isDisabled</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>User.getDisabledReason</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>User.disable</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>User.changePassword</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>User.getCredentials</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>User.getImpersonation</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Impersonation.getImpersonators</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Impersonation.allows</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Impersonation.grantImpersonation</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Impersonation.revokeImpersonation</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Group.getDeclaredMembers</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Group.getMembers</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Group.isDeclaredMember</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Group.isMember</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Group.addMember</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Group.removeMember</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getID</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.getPrincipal</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getPath</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.declaredMemberOf</tt> </td>
-      
-<td><tt>jcr:read</tt> (on groups listing this user/group as member) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.memberOf</tt> </td>
-      
-<td><tt>jcr:read</tt> (on groups listing this user/group as member) </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.remove</tt> </td>
-      
-<td><tt>rep:userManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getPropertyNames</tt> </td>
-      
-<td><tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.hasProperty</tt> </td>
-      
-<td><tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.getProperty</tt> </td>
-      
-<td><tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
-      
-<td> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.setProperty</tt> (no relPath) </td>
-      
-<td><tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Authorizable.setProperty</tt> (with relPath </td>
-      
-<td><tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt>, <tt>jcr:addChildNodes</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Authorizable.removeProperty</tt> </td>
-      
-<td><tt>rep:removeProperties</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Impersonation.getImpersonators</tt>             </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Impersonation.allows</tt>                       </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Impersonation.grantImpersonation</tt>           </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Impersonation.revokeImpersonation</tt>          </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Group.getDeclaredMembers</tt>                   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Group.getMembers</tt>                           </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Group.isDeclaredMember</tt>                     </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Group.isMember</tt>                             </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Group.addMember</tt>                            </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>Group.removeMember</tt>                         </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getID</tt>                         </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.getPrincipal</tt>                  </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getPath</tt>                       </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.declaredMemberOf</tt>              </td>
+<td> <tt>jcr:read</tt> (on groups listing this user/group as member) </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.memberOf</tt>                      </td>
+<td> <tt>jcr:read</tt> (on groups listing this user/group as member) </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.remove</tt>                        </td>
+<td> <tt>rep:userManagement</tt>           </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getPropertyNames</tt>              </td>
+<td> <tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.hasProperty</tt>                   </td>
+<td> <tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.getProperty</tt>                   </td>
+<td> <tt>jcr:read</tt> or <tt>rep:readProperties</tt> (no relPath) </td>
+<td>                     </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.setProperty</tt> (no relPath)      </td>
+<td> <tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt> </td></tr>
+<tr class="a">
+<td> <tt>Authorizable.setProperty</tt> (with relPath     </td>
+<td> <tt>rep:addProperties</tt> and/or <tt>rep:alterProperties</tt>, <tt>jcr:addChildNodes</tt> </td></tr>
+<tr class="b">
+<td> <tt>Authorizable.removeProperty</tt>                </td>
+<td> <tt>rep:removeProperties</tt>         </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="LifeCycle_Management"></a>LifeCycle Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Node.followLifecycleTransition</tt> </td>
-      
-<td><tt>jcr:lifecycleManagement</tt> </td>
-    </tr>
-  </tbody>
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Node.followLifecycleTransition</tt>             </td>
+<td> <tt>jcr:lifecycleManagement</tt>      </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Retention_Management"></a>Retention Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>RetentionManager.getHolds</tt>                  </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>RetentionManager.getHolds</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>RetentionManager.getRetentionPolicy</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>RetentionManager.addHold</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>RetentionManager.removeHold</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>RetentionManager.setRetentionPolicy</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>RetentionManager.removeRetentionPolicy</tt> </td>
-      
-<td><tt>jcr:retentionManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>RetentionManager.getRetentionPolicy</tt>        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>RetentionManager.addHold</tt>                   </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+<tr class="a">
+<td> <tt>RetentionManager.removeHold</tt>                </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+<tr class="b">
+<td> <tt>RetentionManager.setRetentionPolicy</tt>        </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+<tr class="a">
+<td> <tt>RetentionManager.removeRetentionPolicy</tt>     </td>
+<td> <tt>jcr:retentionManagement</tt>      </td></tr>
+</tbody>
 </table></div></div>
 <div class="section">
 <h4><a name="Workspace_Operations"></a>Workspace Operations</h4>
 <div class="section">
 <h5><a name="Move_Copy_and_Import"></a>Move, Copy and Import</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Workspace.move</tt>                             </td>
+<td> <tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Workspace.move</tt> </td>
-      
-<td><tt>jcr:removeChildNodes</tt> (source parent) and <tt>jcr:addChildNodes</tt> (target parent) </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Workspace.copy</tt> </td>
-      
-<td>same privileges as if items would be created using regular API calls </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>Workspace.importXml</tt> </td>
-      
-<td>same privileges as if items would be created using regular API calls </td>
-    </tr>
-  </tbody>
+<td> <tt>Workspace.copy</tt>                             </td>
+<td> same privileges as if items would be created using regular API calls </td></tr>
+<tr class="b">
+<td> <tt>Workspace.importXml</tt>                        </td>
+<td> same privileges as if items would be created using regular API calls </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Version_Management"></a>Version Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>VersionManager.isCheckedOut</tt>                </td>
+<td> <tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:isCheckedOut</tt> </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.getVersionHistory</tt>           </td>
+<td> <tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:versionHistory</tt> </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.getBaseVersion</tt>              </td>
+<td> <tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:baseVersion</tt> </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.checkin</tt>                     </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.checkout</tt>                    </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.checkpoint</tt>                  </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.restore</tt>                     </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.restoreByLabel</tt>              </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.merge</tt>                       </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.cancelMerge</tt>                 </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.doneMerge</tt>                   </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.createConfiguration</tt>         </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.setActivity</tt>                 </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="a">
+<td> <tt>VersionManager.createActivity</tt>              </td>
+<td> <i>TODO</i>                         </td></tr>
+<tr class="b">
+<td> <tt>VersionManager.removeActivity</tt>              </td>
+<td> <i>TODO</i>                         </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.isCheckedOut</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:isCheckedOut</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.getVersionHistory</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:versionHistory</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.getBaseVersion</tt> </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node and <tt>rep:readProperties</tt> on its property <tt>jcr:baseVersion</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.checkin</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.checkout</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.checkpoint</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.restore</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.restoreByLabel</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.merge</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.cancelMerge</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.doneMerge</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.createConfiguration</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.setActivity</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionManager.createActivity</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionManager.removeActivity</tt> </td>
-      
-<td><i>TODO</i> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>VersionHistory.*</tt> (read) </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>VersionHistory.removeVersion</tt> </td>
-      
-<td><tt>jcr:versionManagement</tt> on versionable node </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Version.*</tt> (read) </td>
-      
-<td><tt>rep:readNodes</tt> on versionable node </td>
-    </tr>
-  </tbody>
+<td> <tt>VersionHistory.*</tt> (read)                    </td>
+<td> <tt>rep:readNodes</tt> on versionable node </td></tr>
+<tr class="b">
+<td> <tt>VersionHistory.removeVersion</tt>               </td>
+<td> <tt>jcr:versionManagement</tt> on versionable node </td></tr>
+<tr class="a">
+<td> <tt>Version.*</tt> (read)                           </td>
+<td> <tt>rep:readNodes</tt> on versionable node </td></tr>
+</tbody>
 </table>
 <p>NOTE: since Oak 1.0 read/write access to version storage is defined by accessibility of the versionable node and <i>not</i> to the version store items.</p></div>
 <div class="section">
 <h5><a name="Lock_Management"></a>Lock Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>LockManager.getLock</tt> = <tt>Node.getLock</tt>       </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>LockManager.isLocked</tt> = <tt>Node.isLocked</tt>     </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>LockManager.holdsLock</tt> = <tt>Node.holdsLock</tt>   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>LockManager.getLock</tt> = <tt>Node.getLock</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>LockManager.isLocked</tt> = <tt>Node.isLocked</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>LockManager.holdsLock</tt> = <tt>Node.holdsLock</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>LockManager.lock</tt> = <tt>Node.lock</tt> </td>
-      
-<td><tt>jcr:lockManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>LockManager.unlock</tt> = <tt>Node.unlock</tt> </td>
-      
-<td><tt>jcr:lockManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>LockManager.lock</tt> = <tt>Node.lock</tt>             </td>
+<td> <tt>jcr:lockManagement</tt>           </td></tr>
+<tr class="b">
+<td> <tt>LockManager.unlock</tt> = <tt>Node.unlock</tt>         </td>
+<td> <tt>jcr:lockManagement</tt>           </td></tr>
+</tbody>
 </table></div></div>
 <div class="section">
 <h4><a name="Repository_Operations"></a>Repository Operations</h4>
 <p>Note: privileges for repository operations need to be granted|denied on the <i>null</i> path.</p>
 <div class="section">
 <h5><a name="Namespace_Management"></a>Namespace Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>NamespaceRegistry.getPrefix</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NamespaceRegistry.getPrefixes</tt>              </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NamespaceRegistry.getURI</tt>                   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NamespaceRegistry.getURIs</tt>                  </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NamespaceRegistry.registerNamespace</tt>        </td>
+<td> <tt>jcr:namespaceManagement</tt>      </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>NamespaceRegistry.getPrefix</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NamespaceRegistry.getPrefixes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NamespaceRegistry.getURI</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NamespaceRegistry.getURIs</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NamespaceRegistry.registerNamespace</tt> </td>
-      
-<td><tt>jcr:namespaceManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NamespaceRegistry.unregisterNamespace</tt> </td>
-      
-<td><tt>jcr:namespaceManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>NamespaceRegistry.unregisterNamespace</tt>      </td>
+<td> <tt>jcr:namespaceManagement</tt>      </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="NodeType_Management"></a>NodeType Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>NodeTypeManager.hasNodeType</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.getNodeType</tt>                </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.getAllNodeTypes</tt>            </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.getPrimaryNodeTypes</tt>        </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.getMixinNodeTypes</tt>          </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.createNodeTypeTemplate</tt>     </td>
+<td> NA                             </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.createNodeDefinitionTemplate</tt>     </td>
+<td> NA                       </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.createPropertyDefinitionTemplate</tt> </td>
+<td> NA                       </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.registerNodeType</tt>           </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.hasNodeType</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.getNodeType</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.getAllNodeTypes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.getPrimaryNodeTypes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.getMixinNodeTypes</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.createNodeTypeTemplate</tt> </td>
-      
-<td>NA </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.createNodeDefinitionTemplate</tt> </td>
-      
-<td>NA </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.createPropertyDefinitionTemplate</tt> </td>
-      
-<td>NA </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.registerNodeType</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.registerNodeTypes</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>NodeTypeManager.unregisterNodeType</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>NodeTypeManager.unregisterNodeTypes</tt> </td>
-      
-<td><tt>jcr:nodeTypeDefinitionManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>NodeTypeManager.registerNodeTypes</tt>          </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+<tr class="b">
+<td> <tt>NodeTypeManager.unregisterNodeType</tt>         </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+<tr class="a">
+<td> <tt>NodeTypeManager.unregisterNodeTypes</tt>        </td>
+<td> <tt>jcr:nodeTypeDefinitionManagement</tt> </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Privilege_Management"></a>Privilege Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>PrivilegeManager.getRegisteredPrivileges</tt>   </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>PrivilegeManager.getRegisteredPrivileges</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>PrivilegeManager.getPrivilege</tt> </td>
-      
-<td><tt>jcr:read</tt> </td>
-    </tr>
-    
-<tr class="b">
-      
-<td><tt>PrivilegeManager.registerPrivilege</tt> </td>
-      
-<td><tt>rep:privilegeManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>PrivilegeManager.getPrivilege</tt>              </td>
+<td> <tt>jcr:read</tt>                     </td></tr>
+<tr class="b">
+<td> <tt>PrivilegeManager.registerPrivilege</tt>         </td>
+<td> <tt>rep:privilegeManagement</tt>      </td></tr>
+</tbody>
 </table></div>
 <div class="section">
 <h5><a name="Workspace_Management"></a>Workspace Management</h5>
-
 <table border="0" class="table table-striped">
-  <thead>
-    
+<thead>
+
+<tr class="a">
+<th> API Call                                     </th>
+<th> Privilege(s)                   </th></tr>
+</thead><tbody>
+
+<tr class="b">
+<td> <tt>Workspace.createWorkspace</tt>                  </td>
+<td> <tt>jcr:workspaceManagement</tt>      </td></tr>
 <tr class="a">
-      
-<th>API Call </th>
-      
-<th>Privilege(s) </th>
-    </tr>
-  </thead>
-  <tbody>
-    
-<tr class="b">
-      
-<td><tt>Workspace.createWorkspace</tt> </td>
-      
-<td><tt>jcr:workspaceManagement</tt> </td>
-    </tr>
-    
-<tr class="a">
-      
-<td><tt>Workspace.deleteWorkspace</tt> </td>
-      
-<td><tt>jcr:workspaceManagement</tt> </td>
-    </tr>
-  </tbody>
+<td> <tt>Workspace.deleteWorkspace</tt>                  </td>
+<td> <tt>jcr:workspaceManagement</tt>      </td></tr>
+</tbody>
 </table></div></div></div></div>
         </div>
       </div>

Modified: jackrabbit/site/live/oak/docs/security/user.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/user.html?rev=1838623&r1=1838622&r2=1838623&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/user.html (original)
+++ jackrabbit/site/live/oak/docs/security/user.html Wed Aug 22 09:33:49 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-02-21 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-08-22 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180221" />
+    <meta name="Date-Revision-yyyymmdd" content="20180822" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; User Management</title>
     <link rel="stylesheet" href="../css/apache-maven-fluido-1.6.min.css" />
@@ -52,6 +52,7 @@
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Main APIs <b class="caret"></b></a>
         <ul class="dropdown-menu">
             <li><a href="http://www.day.com/specs/jcr/2.0/index.html" title="JCR API">JCR API</a></li>
+            <li><a href="https://jackrabbit.apache.org/jcr/jcr-api.html" title="Jackrabbit API">Jackrabbit API</a></li>
             <li><a href="../oak_api/overview.html" title="Oak API">Oak API</a></li>
         </ul>
       </li>
@@ -66,7 +67,12 @@
                   <li><a href="../nodestore/compositens.html" title="Composite NodeStore">Composite NodeStore</a></li>
               </ul>
             </li>
-            <li><a href="../plugins/blobstore.html" title="Blob Storage">Blob Storage</a></li>
+            <li class="dropdown-submenu">
+<a href="../plugins/blobstore.html" title="Blob Storage">Blob Storage</a>
+              <ul class="dropdown-menu">
+                  <li><a href="../features/direct-binary-access.html" title="Direct Binary Access">Direct Binary Access</a></li>
+              </ul>
+            </li>
             <li class="dropdown-submenu">
 <a href="../query/query.html" title="Query">Query</a>
               <ul class="dropdown-menu">
@@ -136,7 +142,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-02-21<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-08-22<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -155,12 +161,14 @@
     <li><a href="../architecture/nodestate.html" title="The Node State Model"><span class="none"></span>The Node State Model</a>  </li>
           <li class="nav-header">Main APIs</li>
     <li><a href="http://www.day.com/specs/jcr/2.0/index.html" class="externalLink" title="JCR API"><span class="none"></span>JCR API</a>  </li>
+    <li><a href="https://jackrabbit.apache.org/jcr/jcr-api.html" class="externalLink" title="Jackrabbit API"><span class="none"></span>Jackrabbit API</a>  </li>
     <li><a href="../oak_api/overview.html" title="Oak API"><span class="none"></span>Oak API</a>  </li>
           <li class="nav-header">Features and Plugins</li>
     <li><a href="../nodestore/overview.html" title="Node Storage"><span class="icon-chevron-down"></span>Node Storage</a>
       <ul class="nav nav-list">
     <li><a href="../nodestore/documentmk.html" title="Document NodeStore"><span class="icon-chevron-down"></span>Document NodeStore</a>
       <ul class="nav nav-list">
+    <li><a href="../nodestore/document/mongo-document-store.html" title="MongoDB DocumentStore"><span class="none"></span>MongoDB DocumentStore</a>  </li>
     <li><a href="../nodestore/document/node-bundling.html" title="Node Bundling"><span class="none"></span>Node Bundling</a>  </li>
     <li><a href="../nodestore/document/secondary-store.html" title="Secondary Store"><span class="none"></span>Secondary Store</a>  </li>
     <li><a href="../nodestore/persistent-cache.html" title="Persistent Cache"><span class="none"></span>Persistent Cache</a>  </li>
@@ -171,7 +179,11 @@
     <li><a href="../nodestore/compositens.html" title="Composite NodeStore"><span class="none"></span>Composite NodeStore</a>  </li>
       </ul>
   </li>
-    <li><a href="../plugins/blobstore.html" title="Blob Storage"><span class="none"></span>Blob Storage</a>  </li>
+    <li><a href="../plugins/blobstore.html" title="Blob Storage"><span class="icon-chevron-down"></span>Blob Storage</a>
+      <ul class="nav nav-list">
+    <li><a href="../features/direct-binary-access.html" title="Direct Binary Access"><span class="none"></span>Direct Binary Access</a>  </li>
+      </ul>
+  </li>
     <li><a href="../query/query.html" title="Query"><span class="icon-chevron-down"></span>Query</a>
       <ul class="nav nav-list">
     <li><a href="../query/query-engine.html" title="Query Engine"><span class="none"></span>Query Engine</a>  </li>
@@ -239,125 +251,103 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
---><div class="section">
-<h2><a name="User_Management"></a>User Management</h2>
-<p><a name="jcr_api"></a></p>
+-->
 <div class="section">
-<h3><a name="JCR_API"></a>JCR API</h3>
+<h2><a name="User_Management"></a>User Management</h2>
+<a name="jcr_api"></a>
+### JCR API
+
 <p>JCR itself doesn&#x2019;t come with a dedicated user management API. The only method related and ultimately used for user management tasks is <tt>Session.getUserID()</tt>. Therefore an API for user and group management has been defined as part of the extensions present with Jackrabbit API.</p>
-<p><a name="jackrabbit_api"></a></p></div>
-<div class="section">
-<h3><a name="Jackrabbit_API"></a>Jackrabbit API</h3>
-<p>The Jackrabbit API provides the user management related extensions that are missing in JCR. The relevant interfaces are defined in the `org.apache.jackrabbit.api.security.user&#x2019; package space:</p>
+<a name="jackrabbit_api"></a>
+### Jackrabbit API
 
+<p>The Jackrabbit API provides the user management related extensions that are missing in JCR. The relevant interfaces are defined in the `org.apache.jackrabbit.api.security.user&#x2019; package space:</p>
 <ul>
-  
+
 <li><tt>UserManager</tt></li>
-  
 <li><tt>Authorizable</tt>
-  
 <ul>
-    
+
 <li><tt>User</tt></li>
-    
 <li><tt>Group</tt></li>
-  </ul></li>
-  
+</ul>
+</li>
 <li><tt>Impersonation</tt></li>
-  
 <li><tt>QueryBuilder</tt>
-  
 <ul>
-    
+
 <li><tt>Query</tt></li>
-  </ul></li>
 </ul>
-<p><a name="api_extensions"></a></p></div>
-<div class="section">
-<h3><a name="API_Extensions"></a>API Extensions</h3>
-<p>The Oak project introduces the following user management related public interfaces and classes:</p>
+</li>
+</ul>
+<a name="api_extensions"></a>
+### API Extensions
 
+<p>The Oak project introduces the following user management related public interfaces and classes:</p>
 <ul>
-  
+
 <li><tt>AuthorizableType</tt>: ease handling with the different authorizable types.</li>
-  
 <li><tt>AuthorizableAction</tt> and <tt>AuthorizableActionProvider</tt>: see <a href="user/authorizableaction.html">Authorizable Actions</a> for details.</li>
-  
-<li><tt>AuthorizableNodeName</tt>: see section <a href="user/authorizablenodename.html">Authorizable Node Name Generation</a>.</li>
-  
+<li><tt>AuthorizableNodeName</tt>: see section  <a href="user/authorizablenodename.html">Authorizable Node Name Generation</a>.</li>
 <li><tt>GroupAction</tt> (via <tt>AuthorizableActionProvider</tt>): see <a href="user/groupaction.html">Group Actions</a> for details.</li>
-  
 <li><tt>UserAuthenticationFactory</tt>: see sections <a href="user/default.html#pluggability">pluggability</a> and <a href="authentication/default.html#user_authentication">user authentication</a> for additional details.</li>
 </ul>
-<p><a name="utilities"></a></p></div>
-<div class="section">
-<h3><a name="Utilities"></a>Utilities</h3>
-<p><tt>org.apache.jackrabbit.oak.spi.security.user.*</tt></p>
+<a name="utilities"></a>
+### Utilities
 
+<p><tt>org.apache.jackrabbit.oak.spi.security.user.*</tt></p>
 <ul>
-  
+
 <li><tt>UserConstants</tt> : Constants (NOTE: OAK names/paths)</li>
-  
 <li><tt>UserIdCredentials</tt> : Simple credentials implementation that might be used for `User.getCredentials&#x2019; without exposing pw information.</li>
 </ul>
 <p><tt>org.apache.jackrabbit.oak.spi.security.user.util.*</tt></p>
-
 <ul>
-  
-<li><tt>PasswordUtil</tt> : Utilities for password generation. This utility corresponds  to the internal jackrabbit utility.  As of OAK it also supports Password-Based Key Derivation Function 2 (PBKDF2)  function for password generation.</li>
-  
+
+<li><tt>PasswordUtil</tt> : Utilities for password generation. This utility corresponds to the internal jackrabbit utility. As of OAK it also supports Password-Based Key Derivation Function 2 (PBKDF2) function for password generation.</li>
 <li><tt>UserUtil</tt> : Utilities related to general user management tasks.</li>
 </ul>
-<p><a name="default_implementation"></a></p></div>
-<div class="section">
-<h3><a name="Oak_User_Management_Implementation"></a>Oak User Management Implementation</h3>
+<a name="default_implementation"></a>
+### Oak User Management Implementation
+
 <p>The behavior of the default user management implementation is described in section <a href="user/default.html">User Management: The Default Implementation</a>.</p>
-<p><a name="configuration"></a></p></div>
-<div class="section">
-<h3><a name="Configuration"></a>Configuration</h3>
-<p>The Oak user management comes with a dedicated entry point called <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.html">UserConfiguration</a>. This class is responsible for passing configuration options to the implementation and provides the following two methods:</p>
+<a name="configuration"></a>
+### Configuration
 
+<p>The Oak user management comes with a dedicated entry point called <a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.html">UserConfiguration</a>. This class is responsible for passing configuration options to the implementation and provides the following two methods:</p>
 <ul>
-  
+
 <li><tt>getUserManager(Root, NamePathMapper)</tt>: get a new <tt>UserManager</tt> instance</li>
-  
 <li><tt>getUserPrincipalProvider(Root, NamePathMapper)</tt>: optional method that allows for optimized principal look-up from user/group accounts (since Oak 1.3.4).</li>
 </ul>
 <div class="section">
+<div class="section">
 <h4><a name="Configuration_Parameters"></a>Configuration Parameters</h4>
 <p>The supported configuration options of the default implementation are described in the corresponding <a href="user/default.html#configuration">section</a>.</p>
-<p><a name="pluggability"></a></p></div></div>
-<div class="section">
-<h3><a name="Pluggability"></a>Pluggability</h3>
+<a name="pluggability"></a>
+### Pluggability
+
 <p>The default security setup as present with Oak 1.0 is able to have the default user management implementation replaced as follows:</p>
 <p>The complete user management implementation can be changed by plugging a different <tt>UserConfiguration</tt> implementations. In OSGi-base setup this is achieved by making the configuration a service which must take precedence over the default. In a non-OSGi-base setup the custom configuration must be exposed by the <tt>SecurityProvider</tt> implementation.</p>
 <p>Alternatively the default user management implementation can be extended and adjusted using various means. See the corresponding <a href="user/default.html#pluggability">section</a> for further details.</p>
-<p><a name="further_reading"></a></p></div>
-<div class="section">
-<h3><a name="Further_Reading"></a>Further Reading</h3>
+<a name="further_reading"></a>
+### Further Reading
 
 <ul>
-  
+
 <li><a href="user/differences.html">Differences wrt Jackrabbit 2.x</a></li>
-  
 <li><a href="user/default.html">User Management : The Default Implementation</a>
-  
 <ul>
-    
+
 <li><a href="user/membership.html">Group Membership</a></li>
-    
 <li><a href="user/authorizableaction.html">Authorizable Actions</a></li>
-    
 <li><a href="user/authorizablenodename.html">Authorizable Node Name</a></li>
-    
 <li><a href="user/expiry.html">Password Expiry and Force Initial Password Change</a></li>
-    
 <li><a href="user/history.html">Password History</a></li>
-  </ul></li>
-  
-<li><a href="user/query.html">Searching Users and Groups</a></li>
 </ul>
-<!-- hidden references --></div></div>
+</li>
+<li><a href="user/query.html">Searching Users and Groups</a></li>
+</ul><!-- hidden references --></div></div></div>
         </div>
       </div>
     </div>

Modified: jackrabbit/site/live/oak/docs/security/user/authorizableaction.html
URL: http://svn.apache.org/viewvc/jackrabbit/site/live/oak/docs/security/user/authorizableaction.html?rev=1838623&r1=1838622&r2=1838623&view=diff
==============================================================================
--- jackrabbit/site/live/oak/docs/security/user/authorizableaction.html (original)
+++ jackrabbit/site/live/oak/docs/security/user/authorizableaction.html Wed Aug 22 09:33:49 2018
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia Site Renderer 1.7.4 at 2018-04-18 
+ | Generated by Apache Maven Doxia Site Renderer 1.8.1 at 2018-08-22 
  | Rendered using Apache Maven Fluido Skin 1.6
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20180418" />
+    <meta name="Date-Revision-yyyymmdd" content="20180822" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Jackrabbit Oak &#x2013; Authorizable Actions</title>
     <link rel="stylesheet" href="../../css/apache-maven-fluido-1.6.min.css" />
@@ -52,6 +52,7 @@
         <a href="#" class="dropdown-toggle" data-toggle="dropdown">Main APIs <b class="caret"></b></a>
         <ul class="dropdown-menu">
             <li><a href="http://www.day.com/specs/jcr/2.0/index.html" title="JCR API">JCR API</a></li>
+            <li><a href="https://jackrabbit.apache.org/jcr/jcr-api.html" title="Jackrabbit API">Jackrabbit API</a></li>
             <li><a href="../../oak_api/overview.html" title="Oak API">Oak API</a></li>
         </ul>
       </li>
@@ -66,7 +67,12 @@
                   <li><a href="../../nodestore/compositens.html" title="Composite NodeStore">Composite NodeStore</a></li>
               </ul>
             </li>
-            <li><a href="../../plugins/blobstore.html" title="Blob Storage">Blob Storage</a></li>
+            <li class="dropdown-submenu">
+<a href="../../plugins/blobstore.html" title="Blob Storage">Blob Storage</a>
+              <ul class="dropdown-menu">
+                  <li><a href="../../features/direct-binary-access.html" title="Direct Binary Access">Direct Binary Access</a></li>
+              </ul>
+            </li>
             <li class="dropdown-submenu">
 <a href="../../query/query.html" title="Query">Query</a>
               <ul class="dropdown-menu">
@@ -136,7 +142,7 @@
 
       <div id="breadcrumbs">
         <ul class="breadcrumb">
-        <li id="publishDate">Last Published: 2018-04-18<span class="divider">|</span>
+        <li id="publishDate">Last Published: 2018-08-22<span class="divider">|</span>
 </li>
           <li id="projectVersion">Version: 1.10-SNAPSHOT</li>
         </ul>
@@ -155,12 +161,14 @@
     <li><a href="../../architecture/nodestate.html" title="The Node State Model"><span class="none"></span>The Node State Model</a>  </li>
           <li class="nav-header">Main APIs</li>
     <li><a href="http://www.day.com/specs/jcr/2.0/index.html" class="externalLink" title="JCR API"><span class="none"></span>JCR API</a>  </li>
+    <li><a href="https://jackrabbit.apache.org/jcr/jcr-api.html" class="externalLink" title="Jackrabbit API"><span class="none"></span>Jackrabbit API</a>  </li>
     <li><a href="../../oak_api/overview.html" title="Oak API"><span class="none"></span>Oak API</a>  </li>
           <li class="nav-header">Features and Plugins</li>
     <li><a href="../../nodestore/overview.html" title="Node Storage"><span class="icon-chevron-down"></span>Node Storage</a>
       <ul class="nav nav-list">
     <li><a href="../../nodestore/documentmk.html" title="Document NodeStore"><span class="icon-chevron-down"></span>Document NodeStore</a>
       <ul class="nav nav-list">
+    <li><a href="../../nodestore/document/mongo-document-store.html" title="MongoDB DocumentStore"><span class="none"></span>MongoDB DocumentStore</a>  </li>
     <li><a href="../../nodestore/document/node-bundling.html" title="Node Bundling"><span class="none"></span>Node Bundling</a>  </li>
     <li><a href="../../nodestore/document/secondary-store.html" title="Secondary Store"><span class="none"></span>Secondary Store</a>  </li>
     <li><a href="../../nodestore/persistent-cache.html" title="Persistent Cache"><span class="none"></span>Persistent Cache</a>  </li>
@@ -171,7 +179,11 @@
     <li><a href="../../nodestore/compositens.html" title="Composite NodeStore"><span class="none"></span>Composite NodeStore</a>  </li>
       </ul>
   </li>
-    <li><a href="../../plugins/blobstore.html" title="Blob Storage"><span class="none"></span>Blob Storage</a>  </li>
+    <li><a href="../../plugins/blobstore.html" title="Blob Storage"><span class="icon-chevron-down"></span>Blob Storage</a>
+      <ul class="nav nav-list">
+    <li><a href="../../features/direct-binary-access.html" title="Direct Binary Access"><span class="none"></span>Direct Binary Access</a>  </li>
+      </ul>
+  </li>
     <li><a href="../../query/query.html" title="Query"><span class="icon-chevron-down"></span>Query</a>
       <ul class="nav nav-list">
     <li><a href="../../query/query-engine.html" title="Query Engine"><span class="none"></span>Query Engine</a>  </li>
@@ -239,29 +251,25 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-  --><div class="section">
+  -->
+<div class="section">
 <h2><a name="Authorizable_Actions"></a>Authorizable Actions</h2>
 <div class="section">
 <h3><a name="Overview"></a>Overview</h3>
 <p>Oak 1.0 comes with a extension to the Jackrabbit user management API that allows to perform additional actions or validations upon common user management tasks such as</p>
-
 <ul>
-  
+
 <li>create authorizables</li>
-  
 <li>remove authorizables</li>
-  
 <li>change a user&#x2019;s password</li>
 </ul>
 <p>Similar functionality has been present in Jackrabbit 2.x as internal interface. Compared to the Jackrabbit interface the new <tt>AuthorizableAction</tt> has been slightly adjusted to match Oak requirements operate directly on the Oak API, which eases the handling of implementation specific tasks such as writing protected items.</p></div>
 <div class="section">
 <h3><a name="AuthorizableAction_API"></a>AuthorizableAction API</h3>
 <p>The following public interfaces are provided by Oak in the package <tt>org.apache.jackrabbit.oak.spi.security.user.action</tt>:</p>
-
 <ul>
-  
+
 <li><a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.html">AuthorizableAction</a></li>
-  
 <li><a href="/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.html">AuthorizableActionProvider</a></li>
 </ul>
 <p>The <tt>AuthorizableAction</tt> interface itself allows to perform validations or write additional application specific content while executing user management related write operations. Therefore these actions are executed as part of the transient user management modifications. This contrasts to <tt>org.apache.jackrabbit.oak.spi.commit.CommitHook</tt>s which in turn are only triggered once modifications are persisted.</p>
@@ -270,36 +278,27 @@
 <div class="section">
 <h3><a name="Default_Implementations"></a>Default Implementations</h3>
 <p>Oak 1.0 provides the following base implementations:</p>
-
 <ul>
-  
+
 <li><tt>AbstractAuthorizableAction</tt>: abstract base implementation that doesn&#x2019;t perform any action.</li>
-  
 <li><tt>DefaultAuthorizableActionProvider</tt>: default action provider service that allows to enable the built-in actions provided with oak.</li>
-  
 <li><tt>CompositeActionProvider</tt>: Allows to aggregate multiple provider implementations.</li>
 </ul>
 <div class="section">
 <h4><a name="Changes_wrt_Jackrabbit_2.x"></a>Changes wrt Jackrabbit 2.x</h4>
-
 <ul>
-  
+
 <li>actions no longer operate on JCR API but rather on the Oak API direct.</li>
-  
 <li>provider interface simplifies pluggability</li>
 </ul></div>
 <div class="section">
 <h4><a name="Built-in_AuthorizableAction_Implementations"></a>Built-in AuthorizableAction Implementations</h4>
 <p>The following implementations of the <tt>AuthorizableAction</tt> interface are provided:</p>
-
 <ul>
-  
+
 <li><tt>AccessControlAction</tt>: set up permission for new authorizables</li>
-  
 <li><tt>PasswordValidationAction</tt>: simplistic password verification upon user creation and password modification</li>
-  
 <li><tt>PasswordChangeAction</tt>: verifies that the new password is different from the old one</li>
-  
 <li><tt>ClearMembershipAction</tt>: clear group membership upon removal of an authorizable.</li>
 </ul>
 <p>As in Jackrabbit 2.x the actions are executed with the editing session and the target operation will fail if any of the configured actions fails (e.g. due to insufficient permissions by the editing Oak ContentSession).</p></div></div>
@@ -307,11 +306,9 @@
 <h3><a name="Pluggability"></a>Pluggability</h3>
 <p>The default security setup as present with Oak 1.0 is able to provide custom <tt>AuthorizableActionProvider</tt> implementations and will automatically combine the different implementations using the <tt>CompositeActionProvider</tt>.</p>
 <p>In an OSGi setup the following steps are required in order to add an action provider implementation:</p>
-
 <ul>
-  
+
 <li>implement <tt>AuthorizableActionProvider</tt> interface exposing your custom action(s).</li>
-  
 <li>make the provider implementation an OSGi service and make it available to the Oak repository.</li>
 </ul>
 <div class="section">
@@ -320,8 +317,9 @@
 <div class="section">
 <h6><a name="Example_Action_Provider"></a>Example Action Provider</h6>
 
-<div class="source">
-<div class="source"><pre class="prettyprint">@Component()
+<div>
+<div>
+<pre class="source">@Component()
 @Service(AuthorizableActionProvider.class)
 public class MyAuthorizableActionProvider implements AuthorizableActionProvider {
 
@@ -360,13 +358,15 @@ public class MyAuthorizableActionProvide
         config = ConfigurationParameters.of(properties);
     }
 }
-</pre></div></div></div>
+</pre></div></div>
+</div>
 <div class="section">
 <h6><a name="Example_Action"></a>Example Action</h6>
 <p>This example action generates additional child nodes upon user/group creation that will later be used to store various target-specific profile information:</p>
 
-<div class="source">
-<div class="source"><pre class="prettyprint">class ProfileAction extends AbstractAuthorizableAction {
+<div>
+<div>
+<pre class="source">class ProfileAction extends AbstractAuthorizableAction {
 
     private final String publicName;
     private final String privateName;
@@ -403,12 +403,14 @@ public class MyAuthorizableActionProvide
             }
         }
     }
-</pre></div></div></div>
+</pre></div></div>
+</div>
 <div class="section">
 <h6><a name="Example_Non-OSGI_Setup"></a>Example Non-OSGI Setup</h6>
 
-<div class="source">
-<div class="source"><pre class="prettyprint">Map&lt;String, Object&gt; userParams = new HashMap&lt;String, Object&gt;();
+<div>
+<div>
+<pre class="source">Map&lt;String, Object&gt; userParams = new HashMap&lt;String, Object&gt;();
 userParams.put(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, new MyAuthorizableActionProvider());
 ConfigurationParameters config =  ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
 SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(config).build();



Mime
View raw message