In which two ways can a developer keep simple and maintainable CRX Access Control Lists? (Choose two.)
In which two ways can a developer keep simple and maintainable CRX Access Control Lists? (Choose two.)
To keep CRX Access Control Lists simple and maintainable, best practices suggest using Deny statements sparingly because excessive use of Deny statements can cause unintended conflicts and complexities, especially when users are in multiple groups. Additionally, assigning access rights to user groups rather than individual users is recommended because managing a smaller number of groups is simpler and more efficient than managing numerous individual users.
should be B, C
Correct answer is B and C
B and C: The following are recommendations about managing access control lists: Do not assign permissions directly to users. Assign them only to groups. This will simplify the maintenance, as the number of groups is much smaller than the number of users, and also less volatile. If you want a group/user to be able only to modify pages, do not grant them create or deny rights. Only grant them modify and read rights. Use Deny sparingly. As far as possible use only Allow. Using deny can cause unexpected effects if the permissions are applied in a different order than the order expected. If a user is a member of more than one group, the Deny statements from one group may cancel the Allow statement from another group or vice versa. It is hard to keep an overview when this happens and can easily lead to unforeseen results, whereas Allow assignments do not cause such conflicts. Adobe recommends that you work with Allow rather than Deny Reference: https://experienceleague.adobe.com/docs/experience-manager-65/administering/security/security.html?lang=en#managing-permissions
Shouldn't be B&C ?
should be B, C