Hello,I understand that I can deny jcr:all for /apps and also for a script path that is mounted from a bundle via
<Sling-Initial-Content>folder/in/bundle;overwrite:=true;path:=/folder/in/resource/tree</Sling-Initial-Content>. After that the user will not see the scripts anymore. But if they are called to render a resource they are still executed. Is there a way to have something like jcr:execute to specify which user are allowed to execute the scripts?
Best, Sandro
