# including repo-level
set ACL on /content,:repository
    allow jcr:all for user1
end