We are developing a pretty large system that will hold about 25 million orders per year and we have a few requirements for our access control system.
Each installation will contain one or more organizations with a nested group hierarchy that references roles and users. I was wondering if anyone has any experience or ideas regarding:
1. How to handle nested groups with inheritance of roles in an efficient manner?
2. The application must support setting which group(s) can see a particular order (also with inheritance support); this of course must be filtered in our SQL/JPQL query.
We need both instance access control (ACL) and role-based security. Currently the system is running with Spring Security 3.0RC2 with a simplified "owner-organization-as-admin" functionality covering the ACL and groups without nesting.
Attached is a very simple (and ugly!) minimal instance diagram.