I know I can give permissions in

${host}:4502/useradmin

when I double click user login and go to Permissions tab

I want to give permissions when I deploy content package.

Is it possible?

When you give permission for a user for a particular node/path , it basically stores the permission on the node level below the rep:policy node (allow/deny).

I want to give permissions when I deploy content package.

• You can deploy an AEM package containing only rep:policies which will serve the same purpose of setting up permissions through useradmin.

You can refer to ACL packager from ACS Tools for packaging ACLs.

Note : The user who is installing the package needs to have permission to set ACLs

To programmatically set ACLs (as the title of your question says), you might care to check out few Jackrabbit/JCR interfaces/classes .

org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
org.apache.jackrabbit.api.security.JackrabbitAccessControlList
javax.jcr.security.Privilege

I added under the folder where I want to configure permissions file with name

_rep_policy.xml

with content like this:

<?xml version="1.0" encoding="UTF-8"?>

<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0" xmlns:rep="internal"
          jcr:primaryType="rep:ACL">
    <allow
            jcr:primaryType="rep:GrantACE"
            rep:principalName="myusername"
            rep:privileges="{Name}[jcr:read,rep:write,jcr:versionManagement,jcr:lockManagement]"/>
</jcr:root>

and in pom.xml I added following entry:

<profiles>
        <profile>
            <id>autoInstallContentPackage</id>
            <activation>
                <activeByDefault>false</activeByDefault>
            </activation>
            <build>
                <plugins>
                    <plugin>
                        <groupId>com.day.jcr.vault</groupId>
                        <artifactId>content-package-maven-plugin</artifactId>
                        <executions>
                            <execution>
                                <id>install-package</id>
                                <goals>
                                    <goal>install</goal>
                                </goals>
                            </execution>
                        </executions>
                        <configuration>
                            ...
                            <properties>
                                <acHandling>Overwrite</acHandling>   //allow modify permissions
                            </properties>
                        </configuration>
                    </plugin>
                </plugins>
            </build>
        </profile>
        ....

You can use curl command to set permissions. AEM OOB provide Curl scripts to: 1. Create/Delete groups 2. Create/Delete users 3. Add groups/users in groups 4. Add permissions in group

one example of assigning permissions using curl is:

curl -u admin:admin -X POST --noproxy localhost -FauthorizableId=MyGroup -Fchangelog=path:/content/site/page/path,read:true,modify:true,create:true,delete:true,acl_read:false,acl_edit:false,replicate:false http://localhost:4502/.cqactions.html

This can be automated using a script easily (bat file or a shell script or some java program).