Create access control node

REQ-160

Actors

Name

Access control nodes are used to restrict access to a node (the parent of the access control node) and its descendant nodes. They will be configured using the Access control dialog.

Access control permission is configured by an ordered list of access control entries, each of which

  • Is associated with a user or a role
  • Has an associated list of permissions. A permission has a permission class and it is either granted or denied. The permission classes used by nodes are
    • Read node
    • Add node
    • Remove node
    • Set property
    • Remove property

The sequence of access control entries is important. For instance, the folder /jcr:system/nodes/password has two access control nodes:

  1. An entry associated with role user, which denies the Read node permission.
  2. An entry associated with role administrator, which grants the Read node permission.

As a result, the read permission is denied for all users with role user, except for those users who also have role administrator.
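The ordering rule above can be checked with a small evaluator. This is an added example, not the product's own code: it assumes that a later matching entry overrides an earlier one (which is consistent with the outcome described for /jcr:system/nodes/password), and the names `Entry`, `evaluate` and `can_read` are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Set

# Permission classes listed in this requirement.
PERMISSION_CLASSES = {"Read node", "Add node", "Remove node",
                      "Set property", "Remove property"}


@dataclass
class Entry:
    principal: str                # a user name or a role name
    permissions: Dict[str, bool]  # permission class -> True (granted) / False (denied)


def evaluate(entries: Iterable[Entry], principals: Set[str],
             permission: str) -> Optional[bool]:
    """Walk the entries in order; the last entry that matches one of the
    caller's principals and mentions the permission decides (assumption).
    Returns None when no entry applies, so the caller's default is used."""
    if permission not in PERMISSION_CLASSES:
        raise ValueError(f"unknown permission class: {permission}")
    decision = None
    for entry in entries:
        if entry.principal in principals and permission in entry.permissions:
            decision = entry.permissions[permission]
    return decision


def can_read(entries: Iterable[Entry], principals: Set[str]) -> bool:
    # Fail closed: anything other than an explicit grant is treated as denied.
    return evaluate(entries, principals, "Read node") is True


# Constructed sample mirroring the two entries described for
# /jcr:system/nodes/password.
PASSWORD_ACL = [
    Entry("user", {"Read node": False}),
    Entry("administrator", {"Read node": True}),
]

if __name__ == "__main__":
    print(can_read(PASSWORD_ACL, {"user"}))                    # plain user
    print(can_read(PASSWORD_ACL, {"user", "administrator"}))   # user + administrator
    # Swapping the two entries locks administrators out as well.
    print(can_read(list(reversed(PASSWORD_ACL)), {"user", "administrator"}))
```

Swapping the two entries makes the deny for role user the last match, which is why the dialog must preserve entry order when saving.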