Unclear Data Model for Groups, Users, Partitions and Roles
The group model, the members in groups and the partitions and roles seem to be a bit unclear. For example, it is possible to add groups as sub-groups to other groups.
It is not clear though what the effect is supposed to be on members in the parent group: are they automatically a member of the sub groups as well?
The use of the partitions is also a bit confusing: partition membership is added on a per user basis, but what if you'd like to add a group to a partition? It is also not really clear when you want to add the same user to multiple partitions in the same group with different roles.
It almost feels like the group membership, which seems to be of more importance in the context of ACLs in the data is being mixed with Role Membership, which is important for the API's.
A clear document of the current situation would really help, because explaining the model to current customers is very hard.