I am using the new Spring Security 3.1 and have a few questions to Spring Security ACL.

1. So let's say I have an object and want to define an ACL for it. I create an ACL Entry and want to asign it to a group of users; not a role (GrantedAuthoritySid), not one user (PrincipalSid), but a group of users. I have researched everywhere for an example but was unable to find any. Can you please point me to an example or the class that would help me in this scenario?

2. So now I want to create a second object that is related to the first object (it should aply for the same users).
This could be a status update for the first object for example. My GrantedAuthority or Principal has a different mask of permisions for the second object.
Also the first object has 2 GrantedAuthorities (2 ACLEntries), and the status update has just one. If I use ACL inheritance the permision sets for the first object do not match the permision set for the second.
My question is how can I model this so that the GrantedAuthorities for the two objects are automatically kept consistent while retaining different permision masks. One idea is to use a composite pattern to link the GrantedAuthority of the second object on the GrantedAuthority of the first object (instead of linking it to users).

3. An ACL has a owner. What is the owner for? What role does it play for the ACL or for the ACL entries?

thanks

P.S. ... I already posted this questions but figured the Thread Title was not the most sugestive and have tried to change it and was not able to so I'm reposting my questions under a different thread name.