src/main/resources/cms/sling-cms.txt - sling-org-apache-sling-karaf-configs - Git at Google

 # CMS root paths
 create path (sling:OrderedFolder) /etc/i18n
 create path (sling:OrderedFolder) /etc/taxonomy
 create path (sling:OrderedFolder) /static
 create path (sling:OrderedFolder) /etc/usergenerated

 set ACL for everyone
   allow   jcr:read on /etc/i18n
   allow   jcr:read on /etc/taxonomy
   allow   jcr:read on /static
   allow   jcr:read on /conf
   allow   jcr:read on /etc/usergenerated
 end

 # Groups
 create path (rep:AuthorizableFolder) /home/groups
 create path (rep:AuthorizableFolder) /home/groups/sling-cms

 create group administrators with path sling-cms

 set ACL for administrators
   allow   jcr:all    on /
 end

 create group authors with path sling-cms

 set ACL for authors
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
   allow   jcr:read    on /
 end

 create group job-users with path sling-cms

 create group taxonomy-users with path sling-cms

 set ACL for taxonomy-users
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/taxonomy
 end

 create group ugc-users with path sling-cms

 set ACL for ugc-users
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/usergenerated
 end

 # Service users
 create service user sling-cms-error with path system/sling/cms

 set principal ACL for sling-cms-error
   allow jcr:read on /
 end

 create service user sling-cms-metadata with path system/sling/cms

 set principal ACL for sling-cms-metadata
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
   allow   jcr:read    on /
 end

 create service user sling-cms-transformer with path system/sling/cms

 set principal ACL for sling-cms-transformer
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /static
   allow   jcr:read    on /
 end

 create service user sling-cms-ugc with path system/sling/cms

 set principal ACL for sling-cms-ugc
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /etc/usergenerated
 end

 create service user sling-cms-versionmgr with path system/sling/cms

 set principal ACL for sling-cms-versionmgr
   allow   jcr:write,jcr:nodeTypeManagement,jcr:versionManagement    on /content
 end
	# CMS root paths
	create path (sling:OrderedFolder) /etc/i18n
	create path (sling:OrderedFolder) /etc/taxonomy
	create path (sling:OrderedFolder) /static
	create path (sling:OrderedFolder) /etc/usergenerated

	set ACL for everyone
	allow jcr:read on /etc/i18n
	allow jcr:read on /etc/taxonomy
	allow jcr:read on /static
	allow jcr:read on /conf
	allow jcr:read on /etc/usergenerated
	end

	# Groups
	create path (rep:AuthorizableFolder) /home/groups
	create path (rep:AuthorizableFolder) /home/groups/sling-cms

	create group administrators with path sling-cms

	set ACL for administrators
	allow jcr:all on /
	end

	create group authors with path sling-cms

	set ACL for authors
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static
	allow jcr:read on /
	end

	create group job-users with path sling-cms

	create group taxonomy-users with path sling-cms

	set ACL for taxonomy-users
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/taxonomy
	end

	create group ugc-users with path sling-cms

	set ACL for ugc-users
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/usergenerated
	end

	# Service users
	create service user sling-cms-error with path system/sling/cms

	set principal ACL for sling-cms-error
	allow jcr:read on /
	end

	create service user sling-cms-metadata with path system/sling/cms

	set principal ACL for sling-cms-metadata
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static
	allow jcr:read on /
	end

	create service user sling-cms-transformer with path system/sling/cms

	set principal ACL for sling-cms-transformer
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /static
	allow jcr:read on /
	end

	create service user sling-cms-ugc with path system/sling/cms

	set principal ACL for sling-cms-ugc
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /etc/usergenerated
	end

	create service user sling-cms-versionmgr with path system/sling/cms

	set principal ACL for sling-cms-versionmgr
	allow jcr:write,jcr:nodeTypeManagement,jcr:versionManagement on /content
	end