One of the coolest things about AFS are the users and groups.
Standard users can create new groups. They become the owner of that group and can add people to it, and then use that group for ACLs.
The main tool here is pts. See OpenAfsUserCrashCourse.
|system:authuser||Logged in users|
|system:administrators||This is where the cool people go. They can do anything.|