Storage systems traditionally use a containment hierarchy to organize units of storage. In accordance with these systems, a container and therefore, inherently the units of data maintained within the container, are independently securable to facilitate the provisioning of access to the principals. Conventional systems offer discoverability through traversal that could limit access to data upon encountering a container that is not accessible to the principal.
These systems suffer from at least the following limitations. One limitation is that a principal cannot visualize the global set of data for which they have access. In other words, upon rendering a global set of data, if a container is encountered whereby a user does not have access, the contents (e.g., units of data) of this container could not be rendered. Consider a situation where a sub-folder or sub-container exists within a container with access restrictions placed upon the principal. In this scenario, the principal could not visualize (e.g., discover) or access the contents of the sub-folder even if adequate permissions are in place. This restrictive discoverablity is due to lack of adequate permissions to access the parent folder.
Another limitation of traditional systems is that a principal cannot operate on all the data at once. For example, a restriction for an operation such as “grant access to FABRIKAM\alice for all data in the tree-like structure rooted at a given node” would not be possible as restrictions may be in place that would limit access to some of the data in the tree-like structure. In some traditional systems, such operation is effected in the user context and rather than a system context.
Yet another limitation of some conventional systems is that accessing data requires adequate permissions in place for all of the containers from the point of connection to the immediate parent of the unit of data in addition to access permissions on the unit of storage. In other words, in some systems, even if the direct file path of the data is known, permission to access the data may be restricted if access permissions do not exist from the point of connection to the immediate parent where the data is stored.
Still another limitation is that, for effective enumeration on the existing file system model, traditional storage systems distinguish between data and metadata. For rich end-user types, this separation creates difficulty to recognize the distinction between metadata and data.