Difference between rep:Policy and rep:repoPolicy? | Community

2 replies

Community Advisor
November 30, 2022

Hi

Access control policies created and modified using the default authorization model are stored as child of the node they are bound to with name rep:policy or as node with path /rep:repoPolicy (for repo-level policies).

You will get more details at this URL.

Ref: https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html

Hope this helps to understand.

Thanks

Lokesh_Vajrala
Community Advisor
November 30, 2022

@akshaybhujbale

Additionally, you can refer to this document - https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/user-group-ac-admin.html#policy-selection

The main difference b/w the two is rep:repoPolicy applies to the repository, whereas the other associates with path.

Mani_kumar_
Community Advisor
Accepted solution
November 30, 2022
Default ACL (rep:policy)

The default access control lists are bound to individual nodes. They may be used to grant/deny access for all operations that are in some way related to JCR items: regular read/write, access control management, versioning, locking and as of Oak 1.0 user management and writing index definitions.

Repo-Level ACL (/rep:repoPolicy)

The access control lists bound to the null path can be used to grant/deny privileges associated with operations on repository-level such as namespace, node type, privilege and workspace management.

The effect of these entries is limited to the repository operations and is not inherited to any items inside the repository.

Access control policies created and modified using the default authorization model are stored as child of the node they are bound to with name rep:policy or as node with path /rep:repoPolicy (for repo-level policies).

Examples
Regular ACL at /content
"": {
    "jcr:primaryType": "rep:root",
    "content": {
        "jcr:primaryType": "oak:Unstructured",
        "jcr:mixinTypes": "rep:AccessControllable",
        "rep:policy": {
            "jcr:primaryType": "rep:ACL",
            "allow": {
                "jcr:primaryType": "rep:GrantACE",
                "rep:principalName": "jackrabbit",
                "rep:privileges": ["jcr:read", "rep:write"]
            },
            "deny": {
                "jcr:primaryType": "rep:DenyACE",
                "rep:principalName": "jackrabbit",
                "rep:privileges": ["jcr:addNodes", "rep:addProperties"],
                "rep:restrictions": {
                    "jcr:primaryType": "rep:Restrictions",
                    "rep:ntNames": ["nt:hierarchyNode", "nt:resource"]
                }
            }
        }
    }
}
Repo-Level Policy
"": {
    "jcr:primaryType": "rep:root",
    "jcr:mixinTypes": "rep:RepoAccessControllable",
    "rep:repoPolicy": {
        "jcr:primaryType": "rep:ACL",
        "allow": {
            "jcr:primaryType": "rep:GrantACE",
            "rep:principalName": "elefant",
            "rep:privileges": ["rep:privilegeManagement"]
        }
    }
}


Please refer to the following for more information:
https://jackrabbit.apache.org/oak/docs/security/accesscontrol/default.html
Hope this is helpful
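An audit sketch for the distinction described in the answer above, added here as an example (it is not part of the original post or of Oak): it walks a JSON export of the repository and labels every ACE as node-bound (rep:policy) or repository-level (/rep:repoPolicy). It assumes the repository has been exported in the JSON notation the answer uses; the sample tree is constructed by merging the answer's two examples, and the function names are hypothetical.

```python
import json

# Constructed input: the answer's two example trees merged under one root node.
TREE = json.loads("""
{"jcr:primaryType": "rep:root", "jcr:mixinTypes": "rep:RepoAccessControllable",
 "rep:repoPolicy": {"jcr:primaryType": "rep:ACL",
   "allow": {"jcr:primaryType": "rep:GrantACE", "rep:principalName": "elefant",
             "rep:privileges": ["rep:privilegeManagement"]}},
 "content": {"jcr:primaryType": "oak:Unstructured", "jcr:mixinTypes": "rep:AccessControllable",
   "rep:policy": {"jcr:primaryType": "rep:ACL",
     "allow": {"jcr:primaryType": "rep:GrantACE", "rep:principalName": "jackrabbit",
               "rep:privileges": ["jcr:read", "rep:write"]},
     "deny": {"jcr:primaryType": "rep:DenyACE", "rep:principalName": "jackrabbit",
              "rep:privileges": ["jcr:addNodes", "rep:addProperties"],
              "rep:restrictions": {"jcr:primaryType": "rep:Restrictions",
                "rep:ntNames": ["nt:hierarchyNode", "nt:resource"]}}}}}
""")

ACE_EFFECT = {"rep:GrantACE": "allow", "rep:DenyACE": "deny"}

def collect_aces(node, path="/"):
    """Walk the tree; return one record per ACE with the scope it is bound to."""
    found = []
    for name, child in node.items():
        if not isinstance(child, dict):
            continue  # plain property, not a child node
        if child.get("jcr:primaryType") != "rep:ACL":
            found += collect_aces(child, path.rstrip("/") + "/" + name)
            continue
        # rep:repoPolicy directly under the root is bound to the null path;
        # rep:policy is bound to the node that contains it.
        repo = name == "rep:repoPolicy" and path == "/"
        for ace in child.values():
            if isinstance(ace, dict) and ace.get("jcr:primaryType") in ACE_EFFECT:
                restr = {k: v for k, v in ace.get("rep:restrictions", {}).items()
                         if k != "jcr:primaryType"}
                found.append({"scope": "repository" if repo else "node",
                              "path": None if repo else path,
                              "effect": ACE_EFFECT[ace["jcr:primaryType"]],
                              "principal": ace["rep:principalName"],
                              "privileges": ace["rep:privileges"],
                              "restrictions": restr})
    return found

def repo_level_principals(aces):
    """Principals granted anything through the repository-level policy."""
    return sorted({a["principal"] for a in aces
                   if a["scope"] == "repository" and a["effect"] == "allow"})
```

Calling `collect_aces(TREE)` returns three records; only the `elefant` entry has scope `repository` and a path of `None`, while both `jackrabbit` entries are bound to `/content`.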
December 2, 2022

Thanks @mani_kumar_