We have a repository of type "File BVS with private workspaces".
We have implemented a custom authorization manager.
Generally we have two types of permissions, read-only and read-write.
We have implemented these permessions according to the documentation
"Implementing an Authorization Manager > Addendum B: Setting Typical Categories for Repository-level Authorization".
This addendum specifies that for read-only users, "NdRepositoryDirectoryEntryAddAuthorizationRequest" and "NdRepositoryEntryAttributesWriteAuthorizationRequest" should be "Deny" for read-only users.
However, these requests are issued when creating and updating a workspace.
So how do we go about in limit RO-users to read-access to the repository, but still allow creation of a private workspace? Is denying the *EntryLock* / *EntryUnlock* requests enough for denying RO-users the ability to modify versioned repositories?