Hi there, i am trying to assign the right permissions for the users to operate with nodes (folders, files...). First of all i checked http://wiki.apache.org/jackrabbit/AccessControl but the sample for Resource Based ACLs is a TODO. Then i checked the API to see if it is explicit enough to do my way with it, but it is not at least for me. The point i am now at is the following: i can create users (and authenticate them) and nodes (folders, files...) and i want to set permissions to allow / disallow actions coming from the subjects over the nodes. Conceptually i understand what i want to do (set up resource-based ACLs on the root node that disallows access for every user except the administrator and another one in each directory which allows access just for its onwer). I think that the problem is that i am missing something when trying to work with the Java code. The following piece is the way i access the privileges that the user (representated by the session i guess) on a node (represented by the path): [...] AccessControlManager acm = session.getAccessControlManager(); *// MyOwnACLTemplate extends AbstractACLTemplate* AccessControlPolicy policy = new *MyOwnACLTemplate*(usersPath, session.getValueFactory()); *// AccessControlPolicy -- Implemented by --> AbstractACLTemplate* acm.setPolicy(usersPath, policy); [...] And in the last line, when trying to set the policy, i reach the following code inside Jackrabbit: public void setPolicy(String absPath, AccessControlPolicy policy) throws PathNotFoundException, AccessControlException, AccessDeniedException, RepositoryException { checkInitialized(); checkPermission(absPath, Permission.MODIFY_AC); // This exception is always thrown * throw new AccessControlException("AccessControlPolicy " + policy + " cannot be applied.");* } As far as i understand and seeing the code (inside Jackrabbit), a policy will never be assigned, isn't it? Should i write my own code to manage the ACLs, Policies (set of ACEs, isn't it?) and so on? BTW, am i in the right path to achieve what i described as my target? Or results that managing ACLs in Jackrabbit is completely different to the path i am following now? Thanks in advance for your attention!