Encyclopedia > Access control list

  Article Content

Access control list

The access control list (ACL) is a function of secure computing, used to enforce privilege separation[?].

The list is a data structure, usually a table, containing individual users or groups rights to specific system objects, such as a program, a process, or a file (in Microsoft-speak each entry in the ACL is an access control entry (ACE)). Each accessible object contains an identifier to its ACL. The privileges or permissions determine whether a user can read, write or execute in regard to a object.

The ACL is a concept, it is implemented differently by various operating system, although there is a POSIX standard.

ACL impementation can be quite complex, there can be the need for ACLs for the object, for directories and other containers, and for the objects and the containers created within this container. Different objects will also need different ACLs, rwx is enough for a file but there will need to be additional administrative privileges, while generalised security ACLs can have fifteen or more privileges set.

ACLs have been proven to be insecure under certain conditions and capability[?] is considered a better control, with the authority transferred from the objects being accessed to the objects seeking access - allowing for much finer-grained control.

discretionary access control list (DAC or DACL), system access control list (SACL), Rule set based access control (RSBAC)

All Wikipedia text is available under the terms of the GNU Free Documentation License

  Search Encyclopedia

Search over one million articles, find something about almost anything!
  Featured Article
Digital Rights Management

... DVD Consortium which restricted them from including certain features in their players such as a digital output which could be used to extract a high-quality digital copy ...

This page was created in 38.4 ms