This API call should be treated as under development. The current API specification supports a richer set of semantics than we intend to retain in future releases, and the details for this call are still under review. Semantically, clients can depend on fine grained CIDR based access control (as currently exposed) but for group based access control clients should only depend on the ability to control access for an entire (user,group) tuple. Fine grained group based access control at the protocol and port or icmp code:type level are not guaranteed to be supported in future releases of this API. This API call should be treated as under development. The current API specification supports a richer set of semantics than we intend to retain in future releases, and the details for this call are still under review. Semantically, clients can depend on fine grained CIDR based access control (as currently exposed) but for group based access control clients should only depend on the ability to control access for an entire (user,group) tuple. Fine grained group based access control at the protocol and port or icmp code:type level are not guaranteed to be supported in future releases of this API.