Creating Additional Authorization Groups
Authorization groups can provide a convenient and flexible way to control access to your namespace. You can combine users according to organization, work type, security status, and so on, and then grant each group a specific set of permissions to specific directories or other names in the namespace.
To delegate authority locally, you can create an authorization group for each of the functional directories that you plan to create in your namespace. For example, you could create an authorization group named subsys/dce/sales-admin and include, as members, the individuals who are responsible for managing the /.:/sales directory. Each local authorization group could have full access to the contents of the directory for which it is responsible.