Okay, so I tried the following: I added an acs_rel of type parent_rel to the uni_group, creating a relationship between a user and this group as a parent. I also added a relational segment to the same uni_group on rel type parent_rel. When I looked in the party_approved_member_map, I didn't see any extra rows, I was thinking that one would show up for the relational segment, but it didn't.
So instead of using acs_rel__new, I used membership_rel__new to add the parent_rel. Looking in the mapping table I had the following:
v=# select * from party_approved_member_map where member_id = 823;
party_id | member_id | tag
----------+-----------+------
1169 | 823 | 1174
1161 | 823 | 1174
-1 | 823 | 824
291 | 823 | 824
-2 | 823 | 824
823 | 823 | 0
The new membership_rel is 1174, so the top two rows were created because of this relationship. 1169 is due to the relational segment, 1161 is due to the new membership of 823 in the uni_group 1161. So I could now assign privs on either of these two party_id's, this is the join point to the acs_permissions grantee_id. The relational segment would be helpful if I wanted to assign the same permissions to all parties to that segment, ie, all uses with rel_type of parent_rel. Assigning pemissions to the 1161 would apply to all members. If I needed specific privileges to a specific member, they would have to be directly assigned.
Does this sound right?
