Element container protection

An element's protection is reflected in the file system ACL on its container objects.

For container files, VersionVault applies the element's ACL, as translated into file-read permissions. The container's owner is the VOB owner. The container's owning group is the element's group. Additional access control entries grant read access to users or groups named in the element's effective ACL. These groups need not be one of the VOB's owning group or additional groups. For example, if an element's rolemap's effective ACL says that three groups have read access to the element, then those three groups are granted read access in the file system to the source and cleartext containers of the element and its versions.