I have worked with Spring Security Role based security but am new to Spring Security ACL. I need to use Spring security to implement ACL on object hierarchies. Like I have a company which has different branches, there are multiple departments in each branch and these departments can have multiple sections.
Now company admin should have access to all the data of that company. There will be branch admins, department admins and section admins. A branch admin will have access to data of each department and subsequent sections. There might be a 'branches' admin too which will have access to multiple branches.
My application stack is Spring 4, Spring security 4, Hibernate 5 and JSF2 with Primefaces 5.3.
I couldn't search an example and came up with the idea what changes would this impose on my DB design and how I should configure Spring Security ACL. Please refer to an example or guide.
