I have a customised Jira/Confluence installation.

In our installation, we do not want to have a central administrator. Therefore we allow any user to create:

• groups of users (users are authenticated using LDAP and I have arranged that user profiles are created upon authentication if they do not exist so no need to create user accounts manually)
• projects
• permission schemes
• notification schemes
• workflows

etc. etc.

It would be ideal if all these entities had ACLs associated with them. In particular user groups really should not be modifiable by anyone - if we protect content in Confluence by granting permission to a particular group, we really don't want people to be able to view the content by going in and temporarily adding themselves to the appropriate group.

The ACLs should allow specification of users and groups for read, update and delete operations.