Access control list (ACL): in secure computing, a list used to enforce privilege separation. It is a means of determining the appropriate access rights to a given object, given certain aspects of the user process that is requesting them, principally the process's user identity (in POSIX, the uid).
The list is a data structure, usually a table, containing entries that specify the rights of individual users or groups to specific system objects, such as a program, a process, or a file. These entries are known as access control entries (ACEs) in Microsoft Windows operating systems. Each accessible object carries an identifier that refers to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read, write, or execute an object.
The ACL is a concept with several different implementations in various operating systems, although there is a POSIX standard.
ACL implementations can be complex. ACLs can apply to objects, to directories and other containers, and to the objects and containers created within those containers. ACLs cannot implement all of the security measures that one might wish to have on all systems, and a fine-grained capability-based operating system may be a better approach: authority is transferred from the objects being accessed to the objects seeking access, allowing much finer-grained control.
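The following toy evaluator, added here as an illustration and not taken from the original article or any operating system's code, models the concepts described above: a per-object list of access control entries naming users or groups, a requesting process identified by its uid and group ids, an access check on read/write/execute rights, and containers whose default entries are inherited by the objects created inside them. The class names, the uids and gids, and the "deny overrides allow" rule are assumptions of this example; real ACL systems differ in how they order and combine entries.

```python
"""Toy access-control-list evaluator (added example; not from the original article).

Assumptions: principals are numeric uids/gids, an explicit deny entry overrides any
allow entry for the same process, and a container's default entries are copied onto
every object created inside it (modelled on the idea of a directory's default ACL).
"""
from dataclasses import dataclass, field
from enum import Flag, auto
from typing import List


class Perm(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class ACE:
    """One access control entry: who it applies to and which rights it grants or denies."""
    kind: str          # "user" or "group"
    principal: int     # uid or gid
    perms: Perm
    allow: bool = True  # False makes this a deny entry


@dataclass
class ACL:
    entries: List[ACE] = field(default_factory=list)
    # Entries that newly created children inherit (like a default ACL on a directory).
    default_entries: List[ACE] = field(default_factory=list)


@dataclass
class Process:
    uid: int
    gids: frozenset


@dataclass
class Obj:
    name: str
    acl: ACL
    is_container: bool = False


def _matches(ace: ACE, proc: Process) -> bool:
    """Does this entry apply to the requesting process?"""
    if ace.kind == "user":
        return ace.principal == proc.uid
    if ace.kind == "group":
        return ace.principal in proc.gids
    raise ValueError(f"unknown ACE kind {ace.kind!r}")


def effective_perms(acl: ACL, proc: Process) -> Perm:
    """Union of matching allow entries, minus the union of matching deny entries."""
    allowed = Perm.NONE
    denied = Perm.NONE
    for ace in acl.entries:
        if not _matches(ace, proc):
            continue
        if ace.allow:
            allowed |= ace.perms
        else:
            denied |= ace.perms
    return allowed & ~denied


def check_access(obj: Obj, proc: Process, wanted: Perm) -> bool:
    """True only if every requested right is present in the effective permissions."""
    return (effective_perms(obj.acl, proc) & wanted) == wanted


def create_child(container: Obj, name: str, is_container: bool = False) -> Obj:
    """Create an object inside a container; it inherits the container's default entries.
    A child container keeps the defaults so inheritance continues further down."""
    if not container.is_container:
        raise ValueError(f"{container.name} is not a container")
    inherited = list(container.acl.default_entries)
    child_acl = ACL(entries=inherited,
                    default_entries=inherited if is_container else [])
    return Obj(name, child_acl, is_container)


def demo() -> dict:
    """Constructed scenario: alice (uid 1000, group 100) owns a container, bob
    (uid 2000, group 200) is an auditor who inherits access to its contents."""
    alice = Process(uid=1000, gids=frozenset({100}))
    bob = Process(uid=2000, gids=frozenset({200}))
    reports = Obj("reports", ACL(
        entries=[ACE("user", 1000, Perm.READ | Perm.WRITE | Perm.EXECUTE),
                 ACE("group", 100, Perm.READ | Perm.EXECUTE)],
        default_entries=[ACE("user", 1000, Perm.READ | Perm.WRITE),
                         ACE("group", 200, Perm.READ | Perm.WRITE)]),
        is_container=True)
    q1 = create_child(reports, "q1")  # inherits the two default entries
    # An explicit deny entry removes a right that bob's group entry would grant.
    q1.acl.entries.append(ACE("user", 2000, Perm.WRITE, allow=False))
    return {
        "alice_can_list_reports": check_access(reports, alice, Perm.READ | Perm.EXECUTE),
        "bob_can_list_reports": check_access(reports, bob, Perm.READ),
        "alice_can_write_q1": check_access(q1, alice, Perm.WRITE),
        "bob_can_read_q1": check_access(q1, bob, Perm.READ),
        "bob_can_write_q1": check_access(q1, bob, Perm.WRITE),
    }


if __name__ == "__main__":
    for question, answer in demo().items():
        print(f"{question}: {answer}")
```

Running the module prints the five decisions; bob can read q1 only because the container's default entry was copied onto it, and cannot write it despite that entry because the deny entry wins. The evaluator deliberately accumulates all matching entries before deciding, so the outcome does not depend on the order in which entries were added.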
This article was originally based on material from the Free On-line Dictionary of Computing and is used with permission under the GFDL.