We've been migrating to Shiro and I'm wondering about the best way to
implement group-specific roles in Shiro. In our system, groups are
primarily organizational (think a team or club) so are distinct from
roles. There are group-specific admin roles and groups can
arbitrarily create their own roles that aren't shared with any other
group. Would these types of roles be better implemented as
permissions ("groups:admin-role:group-id") or as a role with a naming
convention such as "group-id:admin". My sense is that latter is more
appropriate, but didn't want to go against the grain of Shiro.
Ed
