It's always very amusing to read about problems with permissions and ACLs within Unix and Windows. I cannot understand why developers don't look at the model Novell already developed for their NetWare systems in the 1980s.
In NetWare, you could quickly define an unlimited number of users/groups to a dir/file with any privileges that should be available, and you are finished. The filesystem did *not* have to go down to every file and write that ACL/permission there.
I remember we had a big hierarchical tree, with every department having their working dir, and within that one could define another department having access to some subdirs if wanted. Like this, everything was secure, and every needed access was quickly possible.
Really, if someone used that approach for a Linux filesystem, the world would be easier and better. Maybe the btrfs devs read this; then they should look at NetWare 3, which already had this neat ACL solution.