We have a bit of an ACL count issue. Currently we have several roles with large ACL lists. Our users then belong to multiple AD groups which shoots our ACL count well past 60,000. It would appear that we could have the same setup with a reduced ACL count if we combine the ACLs and then use detailed rules using the same AD groups.
My question is if this will work as expected and each user would use the same ACL and then have their access limited to what they have via the detailed rule, or do the detailed rules essentially just build unique ACLs for the user and all we will accomplish is reshuffling our problem.