Clarify underlying JCR session in documentation

[kwin]

For each of the execution possibilities the underlying JCR session/resource resolver should be clarified. I guess this is

1. Startup hook: service resolver (which one, which permissions by default?)
2. Install hook: service resolver (which one, which permissions by default?)
3. Manual execution: requests based resolver (bound to the user session)

[kwin]

Particularly it is not clear when which of the three service users from https://github.com/valtech/aem-easy-content-upgrade/blob/c5bce3e529dffe77683f7873f896472f78d861ef/complete/src/main/content/jcr_root/apps/valtech/aecu-complete/config/org.apache.sling.jcr.repoinit.RepositoryInitializer~setacls.config#L14-L24 are used from where.

[nhirrle]

Hi @kwin First of all sorry for the late answer. You are right, there are some improvements to do not only on the documentation side but also implementation side. For the startup hook more permissions are required so the aecu-admin is used. For the manual execution within groovy indeed the user session should be used but it is not right now the case and instead a service user is used. There is also protection on the Groovyconsole itself, usually a user with administration rights is able to execute groovyscripts only ( see https://github.com/orbinson/aem-groovy-console#osgi-configuration / Script Execution Allowed Groups). Best, Nicolas