Allow default ACLs on group level


There are users (usergroups) that should only have write access to objects of some specific types and read access to all other objects. In our ACL concept, we need to configure ACLs for every single type of that user group.

We should enhance our concept to define a default ACL on group level. That means, a group has by default access as defined for “READ“, “CREATE“, “UPDATE“, “DELETE“. This default ACL should be defined on the group page.


a user group is not mentioned in the ACLs of a specific object type, but ACLs are activated for an object type


ACLs are disabled for an object typ the default ACL of that group should be applied.




Michael Batz