# repo-level permissions in "set ACL for"
set ACL for user1
    allow jcr:all on :repository,/content
end