I'm currently working on a Website, which should enable users to host files like pictures and documents. I got a groups and user based Rightsmanagement in Place, but it does not quite fit this concept of groups and users.
A User uploads a file which should be collaborated on by a small group of 2-3 users. This group is dynamic and they should only get access to this one File. Another Group called Staff should be able to view it but not able to edit or delete it.
Another User, different from the First, also uploads the File, but only wants Staff to edit it and make it accessible to all users.
Effectively I would end up with many thousands of groups with many redundant rights. Is there any better approach to this?