I've created a situation where authors are running into permission issues when trying to move pages under certain conditions.
To manage access, I set up group ACLs that limit author permissions to specific content paths, allowing them to only edit, publish, and perform similar actions within their designated regions. This was achieved by denying jcr:write and crx:replicate at the /content level, while allowing these permissions for their specific regional content paths.
This setup works well until an author needs to move or rename a page within their accessible top-level path. If that page only has references within the author's regions they have access to, the move operation works fine. If that page does have references outside the region they can access, it triggers a "request to move" operation. This happens because the move process attempts to update the references through unpublishing and publishing, which they cannot perform outside of their region. I understand why this is occurring.
While I have some ideas for workarounds, I wanted to check if there’s a simpler solution that I might be overlooking. Please let me know if you need any further details.
