Rather than attempting to restructure UIC groups
to solve data and resource protection problems, you may be able to
achieve your goals by using access control lists (ACLs). (“Controlling Access with ACLs” provides a
detailed description of ACLs.) The UIC can serve as an identifier
in an ACE, so you can easily construct ACLs that allow specific users
across various UIC groups access to an object.
For example, consider the ACL that you might construct
to allow specific users from the Rainbow Paint Company to access the