Using shorter ACLs with
general identifiers has several advantages. The operating system processes
shorter ACLs more rapidly. In addition, when employees change but
the functions remain the same, you do not have to change every ACL
across the system. Instead, you change the holders of the identifier.
If employees leave the project, you can edit their records in RIGHTSLIST.DAT
so they no longer hold the identifier, or if they leave the company,
you can remove their user authorization file (UAF) records altogether.
When new employees are hired for the same jobs, grant the new users
the right to hold the identifier. The new users then have the same
ACL-based access as the former users.