# including repo-level
set ACL for user1
    allow jcr:all on :repository,/content
end