Permissions and roles are enforced at the node level. This is best explained by considering "Read" permission. Due to interactions with search (which indexes information at the node level) it makes sense that all properties have the same read access as the node. (If not, the values of properties could be deduced by how a readable node was found from a search on restricted properties). If you require finer grained permission for properties this can be achieved by using sub-nodes to partition those properties. Permissions that affect mutability could be enforced at the attribute level but they are not.
This quote is from wiki. Now imagine I have a document and need to add some properties with special ACL. Is it possible to create them as a sub-node as the wii suggests? and if yes how can I achieve this?
Basically different group of people needs to edit different group of properties on a document. And they should not have access to each others data. It should not be searched and showed in the search result either.
