System and method for recursive propagating application access control

US10277601B1 · US · B1

Patent metadata

Publication number: US-10277601-B1
Application number: US-201514709179-A
Country: US
Kind code: B1
Filing date: May 11, 2015
Priority date: May 11, 2015
Publication date: Apr 30, 2019
Grant date: Apr 30, 2019

Abstract

Official abstract text for this publication.

A system and method for recursive propagating application access control relate to managing third-party application access to content files and folders on a cloud storage system. The access control system may receive an access authorization indication to grant a third-party entity access to a parent folder containing a first file, and then modify an access control rule associated with the parent folder based on the access authorization indication. The modified access control rule is propagated to a child folder of the parent folder, and thus the third-party entity is granted access to a second file in the child folder based on the modified access control rule. The second file shares a common attribute with the first file, and the modified access control rule specifies the common attribute.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method for managing access control of shared contents on a cloud storage system, the method comprising:

  obtaining, from a user at the cloud storage system, an access authorization indication message indicating that an entity is granted access to a parent folder in a folder hierarchy containing a first file and a child folder, the parent folder being stored at the cloud storage system, the entity being different from a creator of the first file and the entity being a third party application;

  modifying, by a processor at the cloud storage system, an access control rule associated with the parent folder, the access control rule specifying that the entity has access to the parent folder based on the access authorization indication message, specifying a file type associated with the first file, and including an application-specific data entry that indicates an access status of the entity; and

  asynchronously propagating, by the processor at the cloud storage system, the modified access control rule to the child folder, the asynchronously propagating of the modified access control rule comprising:

    receiving an access request from the entity to access a second file in the child folder of the parent folder in the folder hierarchy,

    responsive to the receiving of the access request from the entity to access the second file in the child folder and determining that an access control rule associated with the child folder does not specify access to files in the child folder for the entity, performing a fallback search based on the folder hierarchy by searching the folder hierarchy for an upper folder of the child folder with an access control rule specifying that the entity has access to the upper folder and also specifying a file type associated with the second file,

    responsive to finding the upper folder with the access control rule specifying that the entity has access to the upper folder and also specifying the file type associated with the second file, automatically granting, by the processor at the cloud storage system, the entity access to the second file in the child folder and modifying the access control rule associated with the child folder to specify that the entity has access to files in the child folder based on the access control rule of the upper folder, the upper folder being the parent folder, and

    responsive to not finding the upper folder having the access control rule specifying that the entity has access to the upper folder and also specifying the file type associated with the second file, automatically denying, by the processor at the cloud storage system, the entity access to the second file in the child folder without user manual configuration of access denial for the second file.

2. The method of claim 1, further comprising: verifying the user has right to grant access control to the first file in the parent folder.

3. The method of claim 1, wherein the entity is a third-party entity that is different from a user or the cloud storage system that hosts the parent folder.

4. The method of claim 1, wherein the parent folder is accessible by a remote entity via a network.

5. The method of claim 1, wherein the access control rule includes an application Access Control List (ACL) entry.

6. The method of claim 1, wherein the access authorization indication message is obtained at the cloud storage system in response to any of the following: when the first file is opened via the entity; when a change to the first file opened via the entity is stored at the cloud storage system; and when the first file is created via the entity.

7. The method of claim 1, wherein the parent folder is a subfolder of a grandparent folder.

8. The method of claim 1, wherein the access authorization indication message includes user identifying information, and entity access to the second file is granted when the entity attempts to access the second file on behalf of a user having the user identifying information.

9. The method of claim 1, further comprising: receiving an access request from the entity to access a third file in the child folder; and declining the access request based on the modified access control rule associated with the child folder based on a file type of the third file.

10. The method of claim 9, further comprising: receiving an access revocation indication to withdraw access authorization for the entity to access to the first file in the parent folder; and removing the access control list entry from the access control rule associated with the parent folder and the access control rule associated with the child folder when the access revocation indication includes an uninstallation of the entity.

11. The method of claim 1, further comprising: receiving a second access authorization indication to grant the entity access to the first file; granting the entity access to the first file without propagating any access authorization to other files or subfolders in the parent folder.

12. A computer-implemented method for managing access control of shared contents, the method comprising:

  obtaining, at a cloud storage system, an access authorization indication message indicating that a user grants an entity access to a first folder containing a first file and a second folder, wherein: the first folder is a parent folder of the second folder in a folder hierarchy, and the entity is different from a creator of the first file and is a third party application;

  modifying, by a processor at the cloud storage system, a first access control list associated with the first folder based on the access authorization indication, wherein a modification to the first access control list includes an access control list entry including user identifying information of the user, entity information, a file content type and an application-specific data entry that indicates an access status of the entity; and

  asynchronously propagating, by the processor at the cloud storage system, the modified first access control list to the second folder, the asynchronously propagating of the modified first access control list comprising:

    receiving an access request to access a second file in the second folder from the entity,

    responsive to the receiving of the access request from the entity to access the second file in the second folder and determining that a second access control list associated with the second folder does not specify access to files in the second folder for the entity, performing a fallback search based on the folder hierarchy by searching the folder hierarchy for an upper folder of the second folder with an access control list specifying that the entity has access to the upper folder and also specifying a file content type associated with the second file,

    responsive to finding the upper folder with the access control list specifying that the entity has access to the upper folder and also specifying the file content type associated with the second file, automatically granting, by the processor at the cloud storage system, the entity access to the second file in the second folder and modifying the second access control list associated with the second folder to specify that the entity has access to files in the child folder based on the access control list of the upper folder, the upper folder being the first folder that is the parent folder of the second folder, and

    responsive to not finding the upper folder having the access control list specifying that the entity has access to the upper folder and also specifying the file content type associated with the second file, automatically denying the entity access to the second file w
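The fallback search and on-demand propagation of claim 1, together with the file-type refusal of claim 9 and the revocation of claim 10, as an added example (not code from the patent or its assignee). The `Folder` class, the function names and the sample folder tree are assumptions made for illustration, and the per-user field of the ACL entry is left out.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)
class Folder:
    name: str
    parent: "Folder | None" = None
    acl: dict = field(default_factory=dict)       # app_id -> set of file types
    children: list = field(default_factory=list)

    def __post_init__(self):
        if self.parent is not None:
            self.parent.children.append(self)

def grant(folder, app_id, file_type):
    """User authorizes a third-party app on a folder for one file type."""
    folder.acl.setdefault(app_id, set()).add(file_type)

def check_access(folder, app_id, file_type):
    """Decide an app's request for a file of file_type inside folder."""
    own = folder.acl.get(app_id)
    if own is not None:
        # The folder already has a rule for this app: decide on it alone.
        return file_type in own
    upper = folder.parent
    while upper is not None:                  # fallback search up the hierarchy
        types = upper.acl.get(app_id)
        if types is not None and file_type in types:
            folder.acl[app_id] = set(types)   # propagate the rule on demand
            return True
        upper = upper.parent
    return False                              # no matching upper folder: deny

def revoke(folder, app_id):
    """Remove the app's entry from folder and every descendant; return count."""
    removed, stack = 0, [folder]
    while stack:
        node = stack.pop()
        if node.acl.pop(app_id, None) is not None:
            removed += 1
        stack.extend(node.children)
    return removed

# Constructed sample hierarchy: root/Photos/2015 and root/Docs
root = Folder("root")
photos = Folder("Photos", root)
y2015 = Folder("2015", photos)
docs = Folder("Docs", root)
grant(photos, "photo-editor", "image/jpeg")
```

Because a successful fallback copies the entry into the child folder, revocation has to walk the descendants as well; removing only the parent's entry would leave the copied grants in force.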

Classifications

  • H04L63/101 (Primary)

    Access control lists [ACL] · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Google Inc, Google Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/101. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 30, 2019 (B1). Legal status and post-grant events are not shown on this page.