-
Technical Work
-
Resolution: Done
-
Major
The current model is that authorization statements can be placed on files and datasets.
However, the current implementation model and requirements do not match. We have had explicit statements that we do not want to place access control on files, only datasets.
Various parts of the implementation are inconsistent. Some parts of the application check just the dataset, others the file. So we have potential cases where the system may get out of sync and not behave as expected.
Removing the ability to assign access control statements from files would have several significant benefits (essentially, LogicalFile no longer inherits from Resource).
* Our model matches the requirements, access control statements go on datasets.
* Simpler DB design.
* Simpler lookups and object model, authorization only on datasets.
* Performance benefits on LogicalFile: eliminates many extra DB queries and joins, which can be in the tens of thousands for the download pages.
* Greatly simplifies DB setup for testing.
Note: Having LogicalFile and Dataset share the same superclass seems to be a questionable model. Resource offers persistent identifiers and access control. Files aren't meant to be citable, thus PersistentIdentifier doesn't necessarily make sense. Having access control on files goes against gathered requirements and the actual implementation.
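The drift described above, as an added Python sketch that is not the project's own code: the class names come from this ticket, while the function names, the `readers` set and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Current model: files and datasets both inherit access control from Resource.
@dataclass
class Resource:
    name: str
    readers: set = field(default_factory=set)  # access control statements

@dataclass
class Dataset(Resource):
    pass

@dataclass
class LogicalFile(Resource):
    dataset: Dataset = None

def listing_allows(user, f):   # hypothetical code path that checks just the dataset
    return user in f.dataset.readers

def download_allows(user, f):  # hypothetical code path that checks the file
    return user in f.readers

def drift_demo():
    """Revoke on the dataset only; the two code paths now disagree."""
    ds = Dataset("ds1", readers={"alice"})          # constructed sample data
    f = LogicalFile("a.nc", readers={"alice"}, dataset=ds)
    ds.readers.discard("alice")
    return listing_allows("alice", f), download_allows("alice", f)

# Proposed model: a file carries no ACL and defers to its dataset.
@dataclass
class PlainFile:
    name: str
    dataset: Dataset

def can_read(user, f):         # single decision point for every caller
    return user in f.dataset.readers

def readable_files(user, files):
    """Authorize a download page with one ACL decision per dataset, not per file."""
    decisions, allowed = {}, []
    for f in files:
        key = id(f.dataset)
        if key not in decisions:
            decisions[key] = user in f.dataset.readers
        if decisions[key]:
            allowed.append(f.name)
    return allowed, len(decisions)

if __name__ == "__main__":
    print(drift_demo())
```
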
- relates to
-
GTWY-151 Move authorization check to the file controller.
- Done