Some high-level topics that we skimmed over during the configuration of our ACL environment had to do with ACE permissions, and the use of
GrantedAuthority indicators to assist the ACL environment in determining whether certain types of runtime changes to ACLs were allowed. Now that we have a working environment, we'll review these more advanced topics.
Permissions are no more than single logical identifiers represented by bits in an integer. An access control entry grants permissions to SIDs based on the bitmask which comprises the logical ANDing of all permissions applicable to that access control entry.
o.s.s.acls.domain.BasePermission defines a series of integer values ...