Presently the subentry subsystem associates entries with all selecting subentries regardless of autonomous area demarcations. What this means is AAA's can overlap. When the AP of an accessControlSpecificArea is the decendent of the AP of another accessControlSpecificArea those areas should not intersect such that the subentries of the first area do not effect entries of the second area. This is not the case. The subentry subsystem associates entries with effecting subentires without checking to see if those subentries are in a different AAA in these configurations where an AAA is under another AAA.
We need to track all AP of AAA's within the system. Before associating an entry with an AP's subentries checks should be made to determine under which AAA the entry resides. Only those subentries associated with that AAA should be associated with the entry.