Jörg Hoh wrote... Hi Jay, Basically I agree with the documentation, that
you shouldn't use "DENY", but there is one big exception to this rule:
You should have a group, which grants the minimal applicable permission
set. For example you model a group "login only", which only allows to
login to AEM, but not to see any regular content (for example denying
ALL permissions on /content/* using wildcard ACL). Make sure, that this
group is the very frist group in the group list of every user. And the
y...