# Complete example with several intermixed statement types

create service user user1, u-ser_2
set ACL on /libs,/apps
    remove * for user1,u-ser_2
    allow jcr:read for user1,u-ser_2

    deny jcr:write for u-ser_2
    deny jcr:lockManagement for user1
    remove jcr:understand,some:other for u3
end

create service user bob_the_service

# Verify that indent is not required
set ACL on /tmp
allow some:otherPrivilege for bob_the_service
end

# Nodetypes inside the path apply to just that path element
create path /content/example.com(sling:Folder)

# A nodetype in front is used as the default for all path elements
create path (nt:unstructured) /var

set ACL for alice, bob,fred
    remove * on /
    allow jcr:read on /content,/var
    deny jcr:write on /content/example.com
    deny jcr:all on / nodetypes example:Page
    
end

set ACL for restrictions_examples
    deny jcr:modifyProperties on /apps, /content nodetypes sling:Folder, nt:unstructured restriction(rep:itemNames,prop1,prop2)
    allow jcr:addChildNodes on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured)
    allow jcr:modifyProperties on /apps restriction(rep:ntNames,sling:Folder,nt:unstructured) restriction(rep:itemNames,prop1,prop2)
    allow jcr:addChildNodes on /apps,/content restriction(rep:glob,/cat/*,*/cat,*cat/*)
end

register namespace ( NSprefix ) uri:someURI/v1.42

register nodetypes
<<===
    <slingevent='http://sling.apache.org/jcr/event/1.0'>
    
<<  [slingevent:Event] > nt:unstructured, nt:hierarchyNode
      - slingevent:topic (string)
      - slingevent:properties (binary)
===>>

create user userE with password {someEncoding} afdgwdsdf
create user one_with-more-chars.ok:/123456 with password {encoding_with.ok-:/12345} pw-with.ok-:/13456
create service user the-last-one

disable service user svc1 : "This  is the message"