Skip to main content


Home Access control entry

Access control entry

(also ACE)

Access control entry definition

Access control entries (ACEs) refer to information in an access control list that describes the access permissions of a single user or a group of users. Each access control entry has an ID that identifies the individual or subject group. Access control lists are ordered lists containing many access control entries that define the access rights of different individuals or groups.

What each ACE contains

Each access control entry contains the following:

  • A security identifier (SID) for a particular user or group
  • Bit flags, determining whether child objects can inherit the ACE
  • A flag indicating the ACE type
  • An access mask that specifies permission rights

How access control entries work

Access control entries are important for the overall security of a given system. They manage all access to the object in question (whether it’s a platform, a program, or software). ACEs define who can access the object and at what level.

  • User access. ACEs use the credentials and rights associated with the user to log them in to the system.
  • Program access. When a program attempts to access the object, the operating system compares the credential the program uses with the security control assigned in the access control list.