Encyclopedia > Access control list

  Article Content

Access control list

The access control list (ACL) is a function of secure computing, used to enforce privilege separation[?].

The list is a data structure, usually a table, containing individual users or groups rights to specific system objects, such as a program, a process, or a file (in Microsoft-speak each entry in the ACL is an access control entry (ACE)). Each accessible object contains an identifier to its ACL. The privileges or permissions determine whether a user can read, write or execute in regard to a object.

The ACL is a concept, it is implemented differently by various operating system, although there is a POSIX standard.

ACL impementation can be quite complex, there can be the need for ACLs for the object, for directories and other containers, and for the objects and the containers created within this container. Different objects will also need different ACLs, rwx is enough for a file but there will need to be additional administrative privileges, while generalised security ACLs can have fifteen or more privileges set.

ACLs have been proven to be insecure under certain conditions and capability[?] is considered a better control, with the authority transferred from the objects being accessed to the objects seeking access - allowing for much finer-grained control.

discretionary access control list (DAC or DACL), system access control list (SACL), Rule set based access control (RSBAC)



All Wikipedia text is available under the terms of the GNU Free Documentation License

 
  Search Encyclopedia

Search over one million articles, find something about almost anything!
 
 
  
  Featured Article
Shinnecock Hills, New York

... 5.4 km² (2.1 mi²) of it is land and 0.6 km² (0.2 mi²) of it is water. The total area is 9.61% water. Demographics As of the census of 2000, ...

 
 
 
This page was created in 22 ms