Oh my. Too late now, but the security model should have been the FIRST thing you built, not the LAST thing. That aside, the XI security model can be extremely complex (you’ve probably figured that out!). However, since you are on XI 3.x, you have an advantage. There are some thoughts here … XI 3.0 Security for Mere Mortals … to get you started. I think it gives suggestions that will cover all of your requirements.
Dwayne Hoffpauir 
(BOB member since 2002-09-19)