A customer needs to create a user and due to security reasons, that user can...

In AEM, fine-grained access control is managed using JCR Access Control Entries (ACEs). To grant access only to a specific node but exclude all child nodes, the correct approach is to set the rep:glob = "" property. This ensures that permissions apply strictly to the node itself and not recursively. Option B, rep:globs = "**", would apply access recursively to all descendants. Option C, rep:glob = "child", is invalid and does not represent a valid configuration. Adobe recommends precise use of rep:glob patterns to restrict user access according to security requirements, ensuring least-privilege principles.