How to allow users to edit experience fragments without allowing them to delete them.
Steps
To block users from deleting experience fragment pages without blocking them from editing, do the following:
A. Grant the user read access to the /content/experience-fragments:
Go to http://host:port/crx/de/index.jsp and log in as admin.
Browse to and select the node /content/experience-fragments.
In the bottom right panel, select the Access Control tab.
Click the green plus icon to the right to add a new Access Control Policy (the policy already exists if you already see access control entries listed - in that case go on to the next).
Click the green plus icon that shows up after that to add a new Access Control Entry.
Enter a Principal which is the id of the group that you want to grant the access.
Enable the checkbox for jcr:read.
Expand Advanced, under rep:glob enter double quotes "".
Click OK.
B. Add access to modify the desired branch of experience fragments without being able to delete:
Now, also using CRXDe, go to the desired sub-path under /content/experience-fragments, for example /content/experience-fragments/intuit.
In the bottom right panel select the Access Control tab.
Click the green plus icon to the right to add a new Access Control Policy (the policy already exists if you already see access control entries listed - in that case go on to the next step).
Click the green plus icon that shows up after that to add a new Access Control Entry.
Enter a Principal which is the id of the group that you want to grant the access.
Enable the checkbox for jcr:read and rep:write.
Click OK.
Click the green plus icon again to add another Access Control Policy.
Enter the same Principal name as in step 5.
Select Deny for the Type.
Expand Advanced and enable the checkboxes for jcr:removeChildNodes and rep:removeProperties.
C. Grant access to delete items under pages without allowing users to delete experience fragments themselves
Click the green plus icon that shows up after that to add a new Access Control Entry.
Enter a Principal which is the id of the group that you want to grant the access.
Expand Advanced and enable the checkboxes for jcr:removeChildNodes and rep:removeProperties.