Hi, This is about creating service users and setting ACLs for SLING-5355. I think it's easier to discuss these general principles here.
Carsten wrote there: > I would prefer a solution which is processed by the tool processing the > provisioning model > and then creating "content" which is installed in the repository. So it's a > one time thing - > done at build time. You will need a runtime component as well - to install content, you have to wait for the content repository to be available, and also wait for any required node types to be available (see the "additional constraints" that I added to the ticket's requirement) if you want to create the required paths. So, once you have those mechanisms that can create users and change ACLs at runtime, why would they be safer that OSGi configs? I think I'll need a very concrete example of what you are suggesting to be convinced that it's better than the current config-based mechanism. -Bertrand