Not necessarily, if you use an actor-model where content is addressable using cryptographic keys, then you can get an object-capability system where having a reference to a piece of content is sufficient to grant access to it. This seems to be the way that some people are going with newer designs.
Also, the way you ban people is basically by having unique capabilities handed out to everyone. Then you can do various things to stop access (it's called a revoker in ocap jargon). See http://habitatchronicles.com/2017/05/what-are-capabilities/
Also, the way you ban people is basically by having unique capabilities handed out to everyone. Then you can do various things to stop access (it's called a revoker in ocap jargon). See http://habitatchronicles.com/2017/05/what-are-capabilities/