1 of 1 people found this helpful
This behavior is standard afaik (i.e. complies with the JSR 283 spec): when you're dealing with ACLs, initially there is no policy in effect for a node. Once you create/add entries to the policy that will be take effect based on *only* the entries from that policy and nothing else. There are no "magic defaults". So you need to make sure in your code, when you're changing ACLs that you're preserving whatever sensible defaults your application needs.