If a lock applies to particular node (i.e., the node either holds the lock or is a descendant of a node holding a deep lock), that node cannot be changed by anyone except the user who is the token holder for that lock. The user need not be the lock owner.
Note that since at most one session per repository may hold the same lock token, serial access to the locked item is ensured.
More precisely, a lock applying to a node prevents all non-token holders from doing any of the following:
Adding or removing its properties.
Changing the values of its properties.
Adding or removing its child nodes.
Adding or removing its mixin node types.
Removing a node is considered an alteration of its parent. This means that a locked node may be removed by any user with sufficient access permissions as long as its parent node is not locked.
Similarly, a locked node and its subtree may be moved, if both the source parent and the destination parent-to-be are not locked. Locked nodes can always be read and copied (that is, serve as the source of a copy) by any user with sufficient access permissions.
When an action is prevented due to a lock, a LockException is thrown either immediately or on the subsequent save. Implementations may differ on which of these behaviors is used to enforce locking.
There is at most one lock on any node at one time.