| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| # general |
| create path (sling:OrderedFolder) /content |
| set ACL for everyone |
| allow jcr:read on /content |
| end |
| |
| # sling-readall |
| create service user sling-readall with path system/sling |
| |
| set principal ACL for sling-readall |
| allow jcr:read on / |
| end |
| |
| # sling-xss |
| create service user sling-xss with path system/sling |
| |
| create path (sling:Folder) /apps/sling/xss |
| |
| set principal ACL for sling-xss |
| allow jcr:read on /apps/sling/xss |
| end |
| |
| # sling-jcr-install |
| create service user sling-jcr-install with path system/sling |
| |
| # used for config OSGi writeback |
| create path (sling:Folder) /apps/sling/install |
| |
| set principal ACL for sling-jcr-install |
| allow rep:write on /apps/sling/install |
| end |
| |
| # content-package installer |
| create service user sling-package-install with path system/sling |
| |
| set principal ACL for sling-package-install |
| allow jcr:all on / |
| allow jcr:namespaceManagement,jcr:nodeTypeDefinitionManagement on :repository |
| end |
| #<<< SLING-5848 - Define service user and ACLs for Scripting |
| create service user sling-search-path-reader with path system/sling |
| |
| create path (sling:Folder) /libs |
| create path (sling:Folder) /apps |
| |
| set principal ACL for sling-search-path-reader |
| allow jcr:read on /libs,/apps |
| end |
| # SLING-5848 - Define service user and ACLs for Scripting >>> |
| #<<< SLING-9735 - Define service user and ACLs for jcr.contentloader |
| create service user sling-jcr-content-loader with path system/sling |
| set principal ACL for sling-jcr-content-loader |
| allow jcr:all on / |
| end |
| # SLING-9735 - Define service user and ACLs for jcr.contentloader >>> |
| #<<< SLING-9809 - Define service user and ACLs for jcr.usermanager |
| create service user sling-jcr-usermanager with path system/sling |
| set principal ACL for sling-jcr-usermanager |
| allow jcr:read,jcr:readAccessControl,jcr:modifyAccessControl,rep:write,rep:userManagement on /home |
| end |
| # SLING-9809 - Define service user and ACLs for jcr.usermanager >>> |