On a previous thread, I got the great answer that a subsystem is actually an access
We have been using it as such, but some of the behavior seems odd.
On host_remove the sessions to the hosts are not disconnected, this means that even though
I removed the host from the ACL, it will have access, until it disconnects (although it
cannot connect another session).
In addition, a host can see all the subsystems exposed on the IP, even though it has
access to only some of them.
We would be happy to work on these issues, but I would like to understand the expected