This is an archived post. For my new content, please visit my Substack.

Why Spring Security ACLs?

April 16, 2015
spring security acls, grails, plugins

[Spring Security ACL](http://grails.org/plugin/spring-security-acl) makes it much easier to implement object-level permissions and maintain access control lists in your Grails app.

I recently wrote about the benefits of using spring-security-core; the other plugins that extend its capability are what make it truly valuable. One such use case is managing user permissions.

Flat domain structure

It has a very flat domain structure, making it an ideal starting place for both SQL and NoSQL databases.

Bulletproof your business logic with DRY access control

There are some neat annotations available that will do the pre and post access checks on your service methods:

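```groovy
import org.springframework.security.access.prepost.PostFilter
import org.springframework.security.access.prepost.PreAuthorize

// Before the call: the caller must hold ROLE_USER.
// After the call: keep only items the caller has READ or ADMINISTRATION on.
@PreAuthorize("hasRole('ROLE_USER')")
@PostFilter("hasPermission(filterObject, read) or " +
            "hasPermission(filterObject, admin)")
List getAllReports(params = [:]) {
    Report.list(params)
}
```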

The above service method has two checks: the first checks that the user has the mentioned role, and the second filters out any list items that the user does not have access to. The filter is applied to the returned list, after the query has run, so this becomes very handy when you have a query that produces limited results and you don't want to rely on joins, or you are on a NoSQL-based system. (I have not tested this on NoSQL yet.)

Generic permissions that are easily extensible

It provides the basic READ, WRITE, CREATE, DELETE and ADMINISTRATION permissions by default, but it can easily be extended with custom permissions.

Utility classes and integration with Spring Security Core

It also has a couple of utility classes that make managing permissions much easier, such as AclUtilService and AclService.

The biggest advantage by far is its integration with the rest of the spring security ecosystem.