I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate)

I have to come up with a flexible access control list mechanism.I have three different kinds of users

• System (who can do any thing to the system, includes admin and internal daemons)
• Operations (who can add and delete users, organizations, and do maintenance work on behalf of users and organizations)
• End Users (they belong to one or more organization, for each organization, the user can have one or more roles, like being organization admin, or organization read-only member) (role like orgadmin can also add users for that organization)

Now my question is, how should i model the entity of User?

If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the users role for each organization,

So for example User UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin, and org-read-only-user, where as for og2 he is only orgadmin and for og3 he is only org-read-only-user

I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although i would still satisfy the requirement)

If you have a better extensible ACL architecture, please suggest it. Since its a software as a service, one would expect that alot of different organizations would be part if the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn a 100 reports on the system, og2 should not suffer) But that is some thing advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs

This is a community Wiki question, please correct any thing which you wish to do so. Thanks