Page rights, inheritance, precedence and implicit behaviour

Hi,

I’m currently trying to set page access rights using via REST to implement rights management to mirror ACL permissions on a Windows SMB share. However, I’m struggling to reconcile the Windows permissions model with XWiki’s, specifically the fact that no set permissions means inheritance allowed (or general access at the top level), whereas as soon as permissions are explicitly set for one page, one user and one category, access in that rights category is implicitly denied for everyone else, taking precedence over inherited rights that those other user might have.

Is there a way to disable all ‘horizontal’ implicit behavior, i. e. make it that no rights set means no access for anybody and inheritance is never blocked? I guess what I’m asking is, can I make XWiki rights management more like Windows-style ACL (sans the ‘Disable inheritance’ option)?

To illustrate what I’m trying to say:

  • Page 1: Page&children - Admin1 holds all rights; Page - User1, User2 may view
    • Page 1.1: Page&children - User1 may view, edit; Page - User1, User2 may view
      • Page 1.1.1: Page&children - User2 may view, edit
      • Page 1.1.2: No rights set

In this example, I would like User1 to view and edit Page 1.1 and all of its descendants. However, as soon as User2’s rights are set for Page 1.1.1, it will become inaccessible for User1.
How would I go about allowing User1 access to Page 1.1.1 in this and all similar cases without micromanaging it down the page tree for each case?

Best,
Andreas