Typically, in a content management system and in other contexts in which access to electronically stored content is restricted, a user (individual, system, application, process, etc.) is permitted to access a content item if the user is included, individually or by virtue of membership in a group, in an “access control list” (ACL) associated with the content item. Group membership typically has been defined statically, such as by receiving and storing a list of individuals who are to be considered members of the group, and determined at runtime by consulting the statically defined list.
However, it would be useful to have a way to grant to a user and/or group certain rights that are to be available to the user/group in only certain contexts, e.g., to perform through an application a particular task, e.g., change a value to indicate that review has been completed and the content approved, that requires a higher level of access (write privileges, in the approval example) than it is desirable to grant a particular user for other purposes. Therefore, there is a need for an effective way to provide controlled access to manage content in some application contexts but not others.