ACL Simulator

Use this page as the hands-on companion to ACL Explained. It lets you show the model live instead of only describing it with static examples.

The simulator follows the real rule shape:

• Connections carry one compartment and one sensitivity label.
• Scopes grant one or more compartments with a maximum sensitivity ceiling.
• A user's effective access is the union of all their scopes, resolved per compartment.
• Content is visible only when both the compartment and sensitivity checks pass.

Interactive Model

CoreCube ACL simulator

Add or remove compartments, connections, scopes, and users to show how CoreCube resolves access at retrieval time. The effective ceiling is calculated per compartment, so one extra scope widens only the compartments it actually grants.

Configuration

Adjust the model without pushing the matrix down

Confluence - Companyall-staffpublic

Confluence - Engineeringengineeringinternal

Confluence - HR Policieshrconfidential

Board Reports (SharePoint)financerestricted

GitHub Wiki - Engineeringengineeringinternal

Effective Access

Access matrix for Alice

Inspect userAlice (Engineer)Bob (HR Manager)Carol (Office Manager)Dave (CTO)

Compartments (2)

all-staffup to internal

1 of 1 connection visible

engineeringup to internal

2 of 2 connections visible

Scopes (1)

Engineeringinternal

grants 2 compartments · all-staff, engineering

Connections (3/5)

Confluence - Companypublic

all-staff

Confluence - Engineeringinternal

engineering

GitHub Wiki - Engineeringinternal

engineering

2 connections are blocked by compartment or sensitivity rules.

VisibleHidden

public

internal

confidential

restricted

all-staff

Visible

Visible

-

-

engineering

Visible

Visible

-

-

hr

-

-

-

-

finance

-

-

-

-

Test Lookup

Would this document be returned?

Compartmentall-staffengineeringhrfinanceSensitivitypublicinternalconfidentialrestricted

Visible

engineering is in Alice's access map, and that compartment is allowed up to internal. A internal document passes both checks.

Good demos to try

1. Add a second scope to a user and show that access widens only for the compartments in that new scope.
2. Create a new connection in an existing compartment and show that eligible users see it immediately without any user-to-connection mapping.
3. Raise a scope from internal to confidential and watch the matrix expand one column to the right for only that scope's compartments.
4. Remove a compartment from the model and show how it disappears from scopes, connections, and query checks.