If a SUPER_ADMINISTRATOR wants to delete Groups or users the SIDs and ACEs of those recipients have to be deleted also from the acl tables. The MutableAclService does not yet provide this feature. So it would be great if MutableAclService would have a method deleteRecipient(Sid sid) that delets the ACEs and the Sid entry in the acl_sid table.
Luke Taylor said:
I don't think we will be adding any extensions to the ACL interfaces in the near future. It's something that may be revisited again at some point though as it evolves.