ACLs are only set at the domain level

[jjaraalm]

As far as I can tell, ACLs are only settable at the domain and not object level. This seems like a regression compared to h5serv where I believe they were settable at the object level. This is also not very obvious based on the h5pyd API were ACLs are settable/gettable on objects.

Are there any architectural reasons we can't have object-level ACLs?

[jreadey]

I never heard of anyone using object-level ACLs with h5serv, so I took it out of HSDS to simplify things. Shouldn't be too hard to add object-level support if there's someone who wants it.

[jjaraalm]

For our data, we wanted most of the domain to be default read-only, but one group allowed writes. I've changed this by placing the write group into it's own domain, which actually makes more sense anyways, so it's not a major issue. It was just unexpected.

[jreadey]

Ok, I'll close this issue for now. We can re-open as a feature request if there's a need.