I'm currently designing a system that requires the use of ACLs, but I'm finding it difficult to come up with an architecture when I think about the AclEntry creation. (It's the first time I need ACL-based security; I managed to live and program only role-based systems so far ;-) )
I mean, once the ACL list has been created, it's quite clear how to use it, but what is, in general, the approach to create the ACLEntries in the first place?
For sure we don't want the user to insert privileges for every created object, so there must be a reasonable default for it.
Also, I'm not sure about how to mix authorities-based authorization with the ACL-based one. Using voters implies that a user needs both the authority and an entry in an ACL to do some operation on some object, right?
Is there any common approach? Anyone willing to share his experience?