We have finally taken this approach, it is not the result we initially expected but it works for us. In addition we also gave read permission to the root "/" The end result is that you can read all the content, but the difference is in the writing and publishing permissions that each group has. Than...

I just tried this approach, denying causes no content to be displayed, another point, I had to create the /content/jcr:content node as it didn't exist

Yes, I have also tried removing the deny-all and leaving only the allow /content/site1 or /content/site2, but this causes nothing to be visible. I can only see something when I also add /, but this causes all contents to be visible, even those that shouldn't be.

"This case causes no content to be visible. If I only add allow /content/site1, I don't see any content, but when I add /, then the contents are visible, including contents that shouldn't be seen."

Hello, a pleasure to greet you I have two sites, one is hosted at /content/site1 and the other at /content/site2. I have a role called author_site1 and another called author_site2. The error I'm experiencing is when I assign a user to both the author_site1 group and the author_site2 group, it remove...