Under the present invention, when an event is received on a server, it is stored and then categorized. In being categorized, an event group pertaining to the event is identified. Based on the group of events, a set (e.g., one or more) of destinations to which the event should be routed can be determined. The group of events is then associated with an access control list (ACL) that contains entries identifying users (or groups of users) and their permissions to interact with events in that group. Once the association is made, the event and optionally the ACL is routed to the appropriate destinations. Based on the permissions contained in the ACL, the destinations will interact with the event accordingly.