Hi, I would need to setup ACLs in AEM for the Sling tenant module such that the sling-tenant service user can read/write under /etc/tenants. Currently, the TenantProvider considers anything under /etc/tenants as a tenant (including ACL resources such as rep:policy).
I think we could generally solve this in either of the following ways 1. Allow the TenantProvider to skip a configurable list of resource names when listing tenants ; or 2. Use the Jackrabbit support for ACL glob restrictions and set the ACE under /etc instead of /etc/tenants Going the 1. route is easy, but I am expecting the pattern occurs in many modules and it may be complex to maintain the duplicated configurations. Going the 2. route may be better, but we'd need support for specifying glob restrictions in repoinit. What pattern makes most sense ? Regards, Timothee
