This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
The ACL permissions are not prescriptive, they can mean whatever you want them to mean, or you can write your own AbstractBasicAclEntry subclass that provides application-specific permissions.
Administration usually means "all permissions plus the ability to modify ACLs for this object". So a holder of administration can grant new privileges, whereas a user with write permissions can only write to the object (not its ACLs).