| # Removal of individual access control entries (see SLING-11160), requires |
| # o.a.s.repoinit.parser 1.6.14 and |
| # o.a.s.jcr.repoinit 1.1.38 |
| |
| # remove entries by path |
| |
| remove ACL on /libs,/apps, /, /content/example.com/some-other_path |
| allow jcr:read for user1,user2 |
| allow privilege_without_namespace for user4 |
| deny jcr:write,something:else,another:one for user2 |
| deny jcr:lockManagement for user1 |
| deny jcr:modifyProperties for user2 restriction(rep:itemNames,prop1,prop2) |
| end |
| |
| # remove entries by principal |
| |
| remove ACL for user1,u2 |
| allow jcr:read on /content |
| allow jcr:addChildNodes, jcr:modifyProperties on /content restriction(rep:glob) |
| deny jcr:read on /etc, /var restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| end |
| |
| # remove principal-based entries |
| |
| remove principal ACL for principal1,principal2 |
| allow jcr:read on /content |
| deny jcr:modifyProperties on /apps, /content restriction(rep:itemNames,prop1,prop2) |
| allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) |
| allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat,/cat/,cat) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,cat/,*,*cat) |
| allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*) |
| allow jcr:something on / restriction(rep:glob) |
| allow jcr:all on :repository,home(alice) |
| end |