
JCR access security is checked on every endpoint that reads or writes JCR data.

...

Magnolia recommends you create custom REST roles granting specific access for specific use cases.

There is no "one size fits all" recipe. Create the custom roles according to your needs. However, here are a few recommendations.

The custom roles you create depend on your specific project requirements. In general, we recommend you:

  • First deny everything, then specifically grant only what is required.
  • Avoid granting write permissions on JCR workspaces for anonymous users.
  • Create different roles for each use case.