spring-security, spring-security-acl

How to implement ACL spring security to share an object among group of users without creating many entries in ACL_Entry table


Similar to the problem mentioned below: How to implement ACL at a group level? E.g. only teachers in school A can update school A's calendar.

I am trying to solve the below scenario using Spring Security ACL.

We have a scenario where a student's result is shared with a group of teachers. In this scenario, when a teacher logs in, he can see the result only if the teacher has read permission on the Result object. If we need to share the result with a group of teachers having 10 members, with read permission, we need to insert 10 entries into the ACL_ENTRY table. This would be complicated, as the number of entries will increase with the number of group members and the number of permissions. Is there any other way, such that if I share the result with the group there will be only one ACL entry, with the group having read permission on the result object, through which the teachers automatically get permission to read the object? Can you also explain with an example how the schema would look?

Please help


Solution

  • To sort out the above problem I used the approach below. I have users and user_role tables in my schema. I'm using the DB as the authentication manager in the security context.

    SchoolA is already a user of my application. Whenever a teacher is added to the schoolA group, I add schoolA as a role to the teacher along with the user role. While sharing the result object with the schoolA group with read permission, I treat schoolA as a GrantedAuthoritySid instead of a PrincipalSid, so the principal column will be false for the schoolA sid in the ACL_SID table. Whenever a teacher logs in and fetches the results, we check whether the teacher has read permission on the result object; since the teacher has the schoolA role and the schoolA role has read permission, I am able to get the result object when the teacher logs in. In this way I solved my above problem.
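The approach in the answer above, written out as an added example (this is not the answerer's code or part of the Spring Security project). It assumes a domain class `Result`, a group role named `ROLE_SCHOOLA` that is stored in `user_role` and surfaces as a `GrantedAuthority` at login, and an already configured `MutableAclService` (typically `JdbcMutableAclService`) with the standard ACL schema; all of these names are assumptions. `shareWithGroup` writes a single ACE for the group's `GrantedAuthoritySid`, and `canRead` shows why every teacher in that group then passes the check: the caller's `PrincipalSid` and all of their `GrantedAuthoritySid`s are evaluated together against the object's ACL.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.Acl;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.MutableAclService;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * Group-level sharing with one ACE per group instead of one ACE per teacher.
 *
 * Resulting rows for one shared result (assumed values, standard ACL schema):
 *   acl_sid:              id=1, principal=false, sid='ROLE_SCHOOLA'
 *   acl_object_identity:  id=7, object_id_class -> 'com.example.Result', object_id_identity='42'
 *   acl_entry:            acl_object_identity=7, ace_order=0, sid=1, mask=1 (READ), granting=true
 */
public class ResultSharing {

    /** Assumed domain class; only its name is used to build the ObjectIdentity. */
    public static class Result { }

    private final MutableAclService aclService;

    public ResultSharing(MutableAclService aclService) {
        this.aclService = aclService;
    }

    /**
     * Share one Result with every holder of {@code groupRole} (e.g. "ROLE_SCHOOLA").
     * Exactly one acl_entry row is written regardless of how many teachers are in the group.
     * Caller must be authenticated: createAcl() records the current principal as owner, and the
     * default AclAuthorizationStrategy requires the owner or an admin authority to modify the ACL.
     */
    public void shareWithGroup(long resultId, String groupRole) {
        ObjectIdentity oid = new ObjectIdentityImpl(Result.class, resultId);
        MutableAcl acl;
        try {
            acl = (MutableAcl) aclService.readAclById(oid);
        } catch (NotFoundException e) {
            acl = aclService.createAcl(oid);
        }
        // GrantedAuthoritySid is persisted with principal=false in acl_sid, keyed by the role string.
        Sid groupSid = new GrantedAuthoritySid(groupRole);
        acl.insertAce(acl.getEntries().size(), BasePermission.READ, groupSid, true);
        aclService.updateAcl(acl);
    }

    /**
     * Can the logged-in teacher read this result? The teacher's own PrincipalSid plus a
     * GrantedAuthoritySid for each role they hold are all checked; a match on the group role
     * is enough. (AclPermissionEvaluator does the same via SidRetrievalStrategyImpl.)
     */
    public boolean canRead(Authentication teacher, long resultId) {
        ObjectIdentity oid = new ObjectIdentityImpl(Result.class, resultId);
        List<Sid> sids = new ArrayList<>();
        sids.add(new PrincipalSid(teacher));
        for (GrantedAuthority authority : teacher.getAuthorities()) {
            sids.add(new GrantedAuthoritySid(authority));
        }
        try {
            Acl acl = aclService.readAclById(oid, sids);
            // isGranted throws NotFoundException when no ACE applies to any of the sids.
            return acl.isGranted(Collections.singletonList(BasePermission.READ), sids, false);
        } catch (NotFoundException e) {
            return false;
        }
    }
}
```

Two points to check when adopting this: the authority string in `acl_sid` must match the `GrantedAuthority` name exactly (prefix included), since `GrantedAuthoritySid` equality is a plain string comparison and no role hierarchy is applied unless your `SidRetrievalStrategy` is configured with one; and revoking a teacher's access is now a `user_role` change rather than an `acl_entry` change, so the ACL cache (keyed by object identity) needs no invalidation for membership changes.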