
Access Control List

(also ACL)

Access control list definition 

An access control list (ACL) is a list of permissions attached to an object, such as a file. It specifies who can access that object and what they can do with it. ACLs help protect sensitive data from unauthorized access, and they also provide flexibility and accountability because access to files and resources is logged.

A discretionary access control list (DACL) is the most common ACL type. It defines which user groups are granted or denied access to an object. A system access control list (SACL) specifies which access attempts should be logged for later audits.

ACLs are often used in file systems to control access to files and directories, in databases to manage access to tables and specific views, and in web applications to restrict access to functionality or data.

See also: Network access control, Network access control lists

How does the access control list work? 

Each entry in an ACL is called an access control entry (ACE). An ACE defines the permissions for a specific user or group. An ACE typically includes a principal, permissions, and type:

  • Principal. The user or group to which the permissions apply.
  • Permissions. The actions, such as reading, writing, or executing, allowed or denied.
  • Type. Whether the ACE allows or denies permissions.

ACLs are usually evaluated in a specific order. For example, if an ACE denies access, it will override any following entries that grant access.
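
The ordered evaluation described above, as an added example that is not part of the original page. It assumes a simplified first-match model in which an unmatched request is denied by default; the names `Perm`, `ACE`, `check_access` and the sample principals are hypothetical.

```python
from dataclasses import dataclass
from enum import Flag, auto


class Perm(Flag):
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class ACE:
    principal: str   # user or group the entry applies to
    perms: Perm      # actions covered by this entry
    allow: bool      # True = allow entry, False = deny entry


def check_access(acl, user, groups, requested):
    """Walk the ACL in order. Grant only if every requested permission
    is allowed before a matching deny entry is reached."""
    identities = {user, *groups}
    remaining = requested
    for ace in acl:
        if ace.principal not in identities:
            continue                  # entry is for someone else
        if not ace.allow:
            if ace.perms & remaining:
                return False          # deny overrides any later allow
            continue
        remaining &= ~ace.perms       # these permissions are now granted
        if not remaining:
            return True
    return False                      # assumption: no match means deny


# Constructed sample: alice belongs to both "staff" and "contractors".
ALICE_GROUPS = {"staff", "contractors"}
DENY_FIRST = [
    ACE("contractors", Perm.WRITE, allow=False),
    ACE("staff", Perm.READ | Perm.WRITE, allow=True),
]
# Same entries, reversed: the allow entry is reached before the deny.
ALLOW_FIRST = list(reversed(DENY_FIRST))

if __name__ == "__main__":
    for name, acl in (("deny first", DENY_FIRST), ("allow first", ALLOW_FIRST)):
        print(name, check_access(acl, "alice", ALICE_GROUPS, Perm.WRITE))
```

With identical entries, the deny only takes effect when it is listed before the allow, which is why reviewing the order of ACEs matters as much as reviewing their content.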