Provide some system ACLs for common tasks like menu entries

[gruberroland-netcentric]

We often have the task to manage menu entries (classic/touch, e.g. access to SiteAdmin) via ACLs. Sometimes their path also change between versions of AEM.

It would be great to have a default set of standard ACLs that can be used and AC Tool takes care about the paths. This would reduce the config files and also make them more readable.

E.g.

   - path: $ACCESS_TO_SITEADMIN_CLASSIC
     permission: deny
     actions: read

   - path: $ACCESS_TO_SITEADMIN
     permission: deny
     actions: read

[ghenzler]

+1 for improving this and reduce duplication.

Probably it would be better to use macros that include even more than the above example:

   - fragment-restrict-for-everyone:

       - FUNCTIONALITY_DENIES # if an entry here is a YAML literal instead of a YAML associate array, it could be automatically interpreted as Macro

   - fragment-authors:

       - FUNCTIONALITY_TOUCH_ALLOW_SITES # macros could  expand to multiple path entries

       - FUNCTIONALITY_CLASSIC_ALLOW_SITEADMIN

       - FUNCTIONALITY_TOUCH_ALLOW_ASSETS

       - FUNCTIONALITY_CLASSIC_ALLOW_DAM

       - path: /content/somepath # macros and real paths could be mixed
         permission: deny
         actions: read

   - fragment-admins:

       - FUNCTIONALITY_TOUCH_OPERATIONS 

       - FUNCTIONALITY_TOUCH_CLOUDSERVICES 

@gruberroland-netcentric WDYT?

[gruberroland-netcentric]

Even better :)

[mtstv]

In this case you realy needs to setup different versions for each AEM version, also there is difference between Service Packs and possible Patch Levels (installed set of Hotfixes).