(Requirement) Users can specify authorization rules for data objects, science metadata objects, and process artifacts separately
Users might be able to upload data and science metadata as an atomic operation, but each should be identified separately and access control rules should apply to the objects separately. For example, a user could grant public read access to a metadata object but only grant read access to certain colleagues for associated data objects.
Enabling access control at the same level of granularity of objects in the system ensures that complete control over object conglomerations (packages, etc) is available.
** All objects in the system have access control rules
** Separate rules can be associated with the elements of a package during operations at the package level (e.g. @@create@@)