DAV:all's privileges don't need to be protected; there are valid reasons to want to remove access for DAV:all via ACP.
--- CalendarServer/trunk/twistedcaldav/tap.py 2006-12-12 01:01:37 UTC (rev 795)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2006-12-12 01:03:45 UTC (rev 796)
@@ -124,7 +124,6 @@
davxml.ACE(
davxml.Principal(davxml.All()),
davxml.Grant(davxml.Privilege(davxml.Read())),
- davxml.Protected(),
),
]