ACLs

An access control  list (ACL) is used, as the name says, to control access to specific data items to those who are on this list.

In Cinnamon, ACLs are used to grant or deny access to folders, documents and metadata.

Each user is the member of one (his own) or more groups, and a group can be associated with an ACL in a compound item called an ACL-entry. An ACL-entry can be combined with permissions which are validated each time a user calls upon the Cinnamon API.

Example:

The ACL "ReviewAcl" has an ACL-entry which links it to the "reviewers" group. This ACL-entry is given two permissions: BROWSE_FOLDER and READ_OBJECT_CONTENT.  A user who is a member of the reviewers group may now browse a folder with the ReviewAcl and also read the content of objects therein, if they have the ReviewAcl, too.

ACLs inherit ACL-entries and permissions from their predecessors. You can use the default ACL and a special template-ACL which inherits the default attributes from while granting write-permissions only to users of a specific group.