all/src/main/content/jcr_root/apps/acs-commons/config.author/org.apache.sling.jcr.repoinit.RepositoryInitializer-acs-commons-author.config
scripts=[
"# these users and ACLs are only necessary on author
create service user acs-commons-package-replication-status-event-service with path system/acs-commons
set ACL for acs-commons-package-replication-status-event-service
allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /
end
create service user acs-commons-workflow-remover-service with path system/acs-commons
# the path may not yet exist in AEMaaCS as it is created lazily
create path /var/workflow/instances(sling:Folder)
create path /etc/workflow/instances(sling:Folder)
set ACL for acs-commons-workflow-remover-service
allow jcr:read, rep:write on /var/workflow/instances
allow jcr:read, rep:write on /etc/workflow/instances
end
create service user acs-commons-workflowpackagemanager-service with path system/acs-commons
# the path may not yet exist in AEMaaCS as it is created lazily
create path /var/workflow/packages(sling:Folder)
create path /etc/workflow/packages(sling:Folder)
set ACL for acs-commons-workflowpackagemanager-service
allow jcr:read on /var/workflow/packages
allow jcr:read on /etc/workflow/packages
end
# MCP
create service user acs-commons-manage-controlled-processes-service with path system/acs-commons
create path /var/acs-commons/mcp(sling:Folder)
set ACL for acs-commons-manage-controlled-processes-service
allow jcr:all on /var/acs-commons/mcp
end
# Review Task mover
create service user acs-commons-review-task-asset-mover-service with path system/acs-commons
set ACL for acs-commons-review-task-asset-mover-service
allow jcr:read, jcr:versionManagement, rep:write on /content/dam
end
# Remote assets
create service user acs-commons-remote-assets-service with path system/acs-commons
set ACL for acs-commons-remote-assets-service
allow jcr:read, jcr:versionManagement, rep:write, crx:replicate on /content/cq:tags
allow jcr:read, jcr:versionManagement, rep:write, crx:replicate on /content/dam
allow jcr:read on /
# If /etc/tags is used, these ACLs be set manually - if RepoInit defines this structure, it supersedes the use of /content/cq:tags
# allow jcr:read, jcr:versionManagement, rep:write, crx:replicate on /etc/tags
end
# Twitter updater
create service user acs-commons-twitter-updater-service with path system/acs-commons
set ACL for acs-commons-twitter-updater-service
allow jcr:read, jcr:modifyProperties, crx:replicate on /content
end
# System notifications
create service user acs-commons-system-notifications-service with path system/acs-commons
create path /etc/acs-commons/notifications(sling:OrderedFolder)
set ACL for acs-commons-system-notifications-service
allow jcr:read on /etc/acs-commons/notifications
end
# Bulk workflow manager
create service user acs-commons-bulk-workflow-service with path system/acs-commons
create path /etc/acs-commons/bulk-workflow-manager(sling:Folder)
set ACL for acs-commons-bulk-workflow-service
allow jcr:read, jcr:modifyProperties on /etc/acs-commons/bulk-workflow-manager
end
# File fetch
create service user acs-commons-file-fetch-service with path system/acs-commons
set ACL for acs-commons-file-fetch-service
allow jcr:read,jcr:versionManagement,rep:write,crx:replicate on /content/dam
allow jcr:read on /
end
"
]