I am administering a vanilla one-author instance of Forms 6.4 on JEE on Windows Server.
I created an enterprise domain, filled it with Active Directory users, and used the built-in JEE security roles to designate forms authors who can access all content in the Forms and Documents CRX node to author forms and create Workbench apps.
For our forms consumers we want to restrict access to only certain content nodes. One folder per department, for instance. The permissions matrix at <server>/lc/useradmin offers no straightforward way to apply those permissions back 'up' to JEE groups.
What are the best practices for restricting user access to CRX content nodes on the JEE platform? Should I even consider the useradmin matrix? Where can I look for more reading?
One possible workaround: Use the AEM desktop utility on a file server and copy content to a share on a scheduled task. But that might not bypass the issue.