CreateServiceUser user1 CreateServiceUser u-ser_2 SetAclPaths on /libs /apps AclLine REMOVE_ALL {principals=[user1, u-ser_2]} AclLine ALLOW {principals=[user1, u-ser_2], privileges=[jcr:read]} AclLine DENY {principals=[u-ser_2], privileges=[jcr:write]} AclLine DENY {principals=[user1], privileges=[jcr:lockManagement]} AclLine REMOVE {principals=[u3], privileges=[jcr:understand, some:other]} CreateServiceUser bob_the_service SetAclPaths on /tmp AclLine ALLOW {principals=[bob_the_service], privileges=[some:otherPrivilege]} CreatePath [content, example.com(sling:Folder)] CreatePath [var(nt:unstructured)] SetAclPrincipals for alice bob fred AclLine REMOVE_ALL {paths=[/]} AclLine ALLOW {paths=[/content, /var], privileges=[jcr:read]} AclLine DENY {paths=[/content/example.com], privileges=[jcr:write]} AclLine DENY {nodetypes=[example:Page], paths=[/], privileges=[jcr:all]} SetAclPrincipals for restrictions_examples AclLine DENY {nodetypes=[sling:Folder, nt:unstructured], paths=[/apps, /content], privileges=[jcr:modifyProperties]} restrictions=[rep:itemNames=[prop1, prop2]] AclLine ALLOW {paths=[/apps], privileges=[jcr:addChildNodes]} restrictions=[rep:ntNames=[sling:Folder, nt:unstructured]] AclLine ALLOW {paths=[/apps], privileges=[jcr:modifyProperties]} restrictions=[rep:ntNames=[sling:Folder, nt:unstructured], rep:itemNames=[prop1, prop2]] AclLine ALLOW {paths=[/apps, /content], privileges=[jcr:addChildNodes]} restrictions=[rep:glob=[/cat/*, */cat, *cat/*]] RegisterNamespace (NSprefix) uri:someURI/v1.42 RegisterNodetypes: [slingevent:Event] > nt:unstructured, nt:hierarchyNode - slingevent:topic (string) - slingevent:properties (binary) CreateUser userE (with encoded password), password=afdgwdsdf, passwordEncoding=someEncoding CreateUser one_with-more-chars.ok:/123456 (with encoded password), password=pw-with.ok-:/13456, passwordEncoding=encoding_with.ok-:/12345 CreateServiceUser the-last-one DisableServiceUser svc1 : This is the message