[Dovecot] Managing public folder ACL files
We have a customer with a large public folder hierarchy. They occasionally make requests to have the public folder ACLs changed; for example: "please give user X access to all public folders" (that's nearly 1700 folders). Worse: "please give user Y access to all sales folders" (there are 1450 sales folders).
The problem is that there are (naturally) spaces in the folder names, which makes command line manipulation challenging. We've ended up with some astonishingly hacky Python scripts that enter each folder starting with (for example) ".sales" and replace the dovecot-acl file to try to fulfil the above requests. One day our scripts are going to get it wrong, or requests will become more complex ("give X access to all sales/CustA folders, Y access to all sales/CustB folders, and Z access to all sales folders"). There must be a Better Way.
How do others manage divergent ACLs within large public folder hierarchies?
Thanks, Keith
Hi Keith,
I have the same problem as you, but in a much smaller variant.
Our user_db is in MySQL, so I define acl_groups in user_db and make many group settings for all situations per public folder.
But that could be hard for 1000 folders, so the user must have 1000 group memberships. Okay, some groups could be combined.
I think global public-folder management would be nice, for example via LDAP or MySQL (or in a file). Dovecot reads this and creates mail folders and ACL files for the configuration.
Greetings, Jan Phillip Greimann
Similar to Jan Phillip, we have a small setup where we give permissions to groups and then I can add or remove users from the groups fairly easily.
On 4/6/2011 4:54 AM, Keith Edmunds wrote:
We have a customer with a large public folder hierarchy. They occasionally make requests to have the public folder ACLs changed; for example: "please give user X access to all public folders" (that's nearly 1700 folders). Worse: "please give user Y access to all sales folders" (there are 1450 sales folders).
So on all your sales folders, you have a few groups:
  sales-full-access
  sales-read-only
  everything-full-access
  everything-read-only
Your user X, you would maybe put in the "everything-full-access" group. User Y would get added to the "sales-full-access" group.
The problem is that there are (naturally) spaces in the folder names, which makes command line manipulation challenging. We've ended up with some astonishingly hacky Python scripts that enter each folder starting with (for example) ".sales" and replace the dovecot-acl file to try to fulfil the above requests. One day our scripts are going to get it wrong, or requests will become more complex ("give X access to all sales/CustA folders, Y access to all sales/CustB folders, and Z access to all sales folders"). There must be a Better Way.
This part gets a little trickier, but you could still do it with groups.
How do others manage divergent ACLs within large public folder hierarchies?
Again, we have a small setup -- nothing so large as yours... so even my suggestions may not be the best for you.
Thanks, Keith
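Keith's per-folder Python scripts and the group-based scheme Jan Phillip and Willie describe can be combined into one careful tool. The following is an added example written for this thread, not code from any of the posters or from Dovecot itself. It walks the public namespace's Maildir++ directory tree directly (so folder names with spaces never pass through a shell), parses each folder's dovecot-acl file, and adds or removes rights for one identifier (a user= or group= entry) on a folder and its whole subtree, rewriting each file atomically and leaving every other entry and comment byte-for-byte as it was. The assumptions are the vfile ACL backend with one dovecot-acl file per folder, the Maildir++ on-disk layout (IMAP sales/CustA stored as the directory .sales.CustA), and the sample folder tree and requests that demo() constructs.

```python
# Added example for the thread above (not Dovecot's code, not the posters' scripts).
# Assumes the vfile ACL backend with one dovecot-acl file per folder, and a Maildir++
# public namespace where IMAP "sales/CustA" is stored as the directory ".sales.CustA".
import os
import tempfile

# Single-letter rights used in dovecot-acl files and their long spellings.
RIGHTS = {"l": "lookup", "r": "read", "w": "write", "s": "write-seen",
          "t": "write-deleted", "i": "insert", "p": "post", "e": "expunge",
          "k": "create", "x": "delete", "a": "admin"}
NAME_TO_CODE = {name: code for code, name in RIGHTS.items()}
CODE_ORDER = "lrwstipekxa"
ACL_FILE, SEP = "dovecot-acl", "."   # SEP is the Maildir++ separator on disk

def parse_rights(spec):
    """'lrw', 'lookup read write' or a mix -> set of single-letter codes."""
    codes = set()
    for token in spec.split():
        if token in NAME_TO_CODE:
            codes.add(NAME_TO_CODE[token])
        elif all(c in RIGHTS for c in token):
            codes.update(token)
        else:
            raise ValueError("unknown right %r" % token)
    return codes

def format_rights(codes):
    return "".join(c for c in CODE_ORDER if c in codes)

def read_acl(path):
    """[(identifier, rights, raw_line)]; comments and blank lines get identifier None."""
    if not os.path.exists(path):        # no file at all is simply an empty ACL
        return []
    entries = []
    with open(path) as fh:
        for raw in fh.read().splitlines():
            parts = raw.split(None, 1)
            if not parts or parts[0].startswith("#"):
                entries.append((None, None, raw))
            else:
                entries.append((parts[0], parse_rights(parts[1]) if len(parts) > 1 else set(), raw))
    return entries

def write_acl(path, entries):
    """Atomic rewrite (temp file in the same dir, original mode, rename) so Dovecot never
    reads a truncated ACL.  raw=None marks changed entries; other lines go back verbatim."""
    lines = [raw if raw is not None else "%s %s" % (ident, format_rights(rights))
             for ident, rights, raw in entries]
    fd, tmp = tempfile.mkstemp(prefix=ACL_FILE + ".", dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("".join(line + "\n" for line in lines))
        if os.path.exists(path):
            os.chmod(tmp, os.stat(path).st_mode & 0o777)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

def modify_acl(path, identifier, add="", remove=""):
    """Add/remove rights for one identifier (user=..., group=..., owner, anyone);
    creates the entry if absent and returns its resulting rights string."""
    entries, found, result = read_acl(path), False, set()
    add_codes, remove_codes = parse_rights(add), parse_rights(remove)
    for i, (ident, rights, _) in enumerate(entries):
        if ident == identifier:
            found, result = True, (rights | add_codes) - remove_codes
            entries[i] = (ident, result, None)
    if not found and add_codes:
        result = add_codes
        entries.append((identifier, result, None))
    write_acl(path, entries)
    return format_rights(result)

def maildir_folders(root, imap_name):
    """Directories for imap_name and every folder below it; spaces in names are
    harmless because nothing here goes through a shell."""
    prefix = SEP + imap_name.replace("/", SEP)
    return [d for d in sorted(os.listdir(root))
            if (d == prefix or d.startswith(prefix + SEP))
            and os.path.isdir(os.path.join(root, d, "cur"))]

def apply_to_tree(root, imap_name, identifier, add="", remove=""):
    """One ACL change on a folder and its subtree; returns {dir: rights} for auditing."""
    return {d: modify_acl(os.path.join(root, d, ACL_FILE), identifier, add, remove)
            for d in maildir_folders(root, imap_name)}

def demo():
    """Constructed folder tree plus two helpdesk-style requests; returns
    (granted, revoked, parsed final ACL per directory)."""
    root = tempfile.mkdtemp(prefix="public-")
    for f in ("sales", "sales/CustA", "sales/CustA/2010", "sales/Cust B Ltd", "marketing"):
        os.makedirs(os.path.join(root, SEP + f.replace("/", SEP), "cur"))
    with open(os.path.join(root, ".sales", ACL_FILE), "w") as fh:
        fh.write("# maintained by helpdesk\nowner lrwstipekxa\ngroup=sales-read-only lr\n")
    # "give group sales-full-access to all sales folders" ...
    granted = apply_to_tree(root, "sales", "group=sales-full-access", add="lrwstipekx")
    # ... "but nobody in it may delete folders under sales/CustA"
    revoked = apply_to_tree(root, "sales/CustA", "group=sales-full-access", remove="x")
    final = {d: read_acl(os.path.join(root, d, ACL_FILE)) for d in sorted(os.listdir(root))}
    return granted, revoked, final
```

In production you would point root at the public namespace's mail location and call apply_to_tree(root, "sales", "group=sales-full-access", add="lrwstipekx"); the returned dictionary lists every directory touched together with the resulting rights, which is worth logging before the ticket is closed. Requests like "X on sales/CustA, Y on sales/CustB, Z on all of sales" become three calls with different imap_name arguments, and since only the matched identifier's line is rewritten, the calls do not interfere with each other or with entries someone added by hand.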
On Wed, 2011-04-06 at 11:54 +0100, Keith Edmunds wrote:
The problem is that there are (naturally) spaces in the folder names, which makes command line manipulation challenging. We've ended up with some astonishingly hacky Python scripts that enter each folder starting with (for example) ".sales" and replace the dovecot-acl file to try to fulfil the above requests. One day our scripts are going to get it wrong, or requests will become more complex ("give X access to all sales/CustA folders, Y access to all sales/CustB folders, and Z access to all sales folders"). There must be a Better Way.
Besides the groups solutions others already mentioned, v2.0.10+ makes this easier:
doveadm mailbox list -u admin@domain "sales/CustA/*" | while IFS= read -r mailbox; do
    doveadm acl set -u user@domain "$mailbox" user@domain +lrw
done
On Fri, Apr 08, 2011 at 04:17:06PM +0300, Timo Sirainen wrote:
doveadm mailbox list -u admin@domain "sales/CustA/*" | while IFS= read -r mailbox; do
    doveadm acl set -u user@domain "$mailbox" user@domain +lrw
done
Have the +lrw modifiers been implemented at all? I can only get it to work with syntax like:
$ doveadm acl set -u user@domain "Shops/ACME" owner insert lookup post read write write-seen
This is a bit painful to type and does not allow to add or remove rights...
Thomas
participants (5)
- Jan Phillip Greimann
- Keith Edmunds
- Thomas Leuxner
- Timo Sirainen
- Willie Gillespie