...
Each Entity is controlled by an ACL. An entity can either have its own ACL or it can inherit the ACL of its first ancestor with that has an ACL. The ID of the entity that owns the ACL that controls its access is called the Entity's 'benefactor'. When Entity has its own ACL, its benefactor equals its own entity ID. When an Entity inherits its ACL from an ancestor, then the entity's benefactor equals the ID of the ancestor. The entity's benefactor ID is used in all authorization checks. Since walking the entity hierarchy is expensive and complicated to do in SQL, each entity's benefactor ID is cached.
...