[
https://issues.apache.org/jira/browse/SLING-5848?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15399059#comment-15399059
]
Oliver Lietz commented on SLING-5848:
-------------------------------------
We should enable
{{org.apache.jackrabbit.oak.security.user.RandomAuthorizableNodeName}} in Sling
whatever pattern we choose for service users. This would also allow regular
users with a name in form {{firstname.lastname}}. If the pattern for service
users is configurable I'm fine with that too.
> Define service user and ACLs for Scripting
> ------------------------------------------
>
> Key: SLING-5848
> URL: https://issues.apache.org/jira/browse/SLING-5848
> Project: Sling
> Issue Type: Task
> Components: Scripting
> Reporter: Oliver Lietz
>
> Scripting implementations require a (service) ResourceResolver with very
> limited read rights to read scripts.
> Reading can be limited to these paths:
> * {{/apps}}
> * {{/libs}}
> * {{/etc}} (?)
> Name for service user: {{scripting}} or {{sling-scripting}} or
> {{sling.scripting}} (?)
> *repoinit:*
> {noformat}
> create path /apps
> create path /libs
> create service user sling-scripting
> set ACL for sling-scripting
> allow jcr:read on /apps
> allow jcr:read on /libs
> end
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
