Access control list

In computer security, an access control list (ACL) is a list of permissions attached to an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. In a typical ACL, each entry in the list specifies a subject and an operation: for example, the entry (Alice, delete) on the ACL for file XYZ gives Alice permission to delete file XYZ.

ACL-based security models

In an ACL-based security model, when a subject requests to perform an operation on an object, the system first checks the list for an applicable entry in order to decide whether to proceed with the operation. A key issue in the definition of any ACL-based security model is how access control lists are edited: for each object, who can modify the object's ACL and what changes are allowed.

Systems that use ACLs can be classified into two categories: discretionary and mandatory. A system is said to have discretionary access control if the creator or owner of an object can fully control access to the object, including, for example, altering the object's ACL to grant access to anyone else. A system is said to have mandatory access control (also known as "non-discretionary access control" in the security literature) if it enforces system-wide restrictions that override the permissions stated in the ACL.

Traditional ACL systems assign permissions to individual users, which can become cumbersome in a system with a large number of users. In a more recent approach called role-based access control, permissions are assigned to roles, and roles are assigned to users.
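The following is an added illustration of the model described above, not code from the article. It checks (subject, operation) entries exactly as in the (Alice, delete) example, lets the owner edit the ACL (the discretionary part), and layers a constructed system-wide rule on top that no ACL entry can override (the mandatory part). The subject names, the "modify_acl" operation, the sensitivity levels and the clearances are all assumptions made for this example.

```python
from dataclasses import dataclass, field

# Constructed sensitivity ordering used by the mandatory (system-wide) rule.
LEVELS = {"public": 0, "internal": 1, "secret": 2}


@dataclass
class Obj:
    """An object with an owner, a sensitivity level and an ACL of (subject, operation) entries."""
    name: str
    owner: str
    level: str = "public"
    acl: set = field(default_factory=set)


def dac_allowed(subject, op, obj):
    """Discretionary part of the decision: an explicit (subject, op) entry grants
    the operation, and the owner may always edit the object's ACL."""
    if op == "modify_acl" and subject == obj.owner:
        return True
    return (subject, op) in obj.acl


def mac_allowed(clearance, op, obj):
    """Mandatory part: a system-wide rule that no ACL entry can override.
    Here a read requires a clearance at or above the object's level."""
    if op == "read":
        return LEVELS[clearance] >= LEVELS[obj.level]
    return True


def allowed(subject, op, obj, clearances):
    """Access is granted only if both the ACL and the mandatory policy permit it."""
    return dac_allowed(subject, op, obj) and mac_allowed(clearances[subject], op, obj)


def grant(actor, obj, subject, op, clearances):
    """Add an ACL entry on behalf of `actor`; refused unless the actor may modify the ACL."""
    if not allowed(actor, "modify_acl", obj, clearances):
        raise PermissionError(f"{actor} may not modify the ACL of {obj.name}")
    obj.acl.add((subject, op))


def demo():
    """Walk through the article's (Alice, delete) example and return each decision."""
    clearances = {"alice": "secret", "bob": "internal", "mallory": "public"}
    xyz = Obj("XYZ", owner="alice", level="secret",
              acl={("alice", "read"), ("alice", "delete")})
    results = {}
    results["alice_delete"] = allowed("alice", "delete", xyz, clearances)      # entry present
    results["bob_delete_before"] = allowed("bob", "delete", xyz, clearances)   # no entry yet
    grant("alice", xyz, "bob", "delete", clearances)                           # owner edits the ACL
    results["bob_delete_after"] = allowed("bob", "delete", xyz, clearances)
    grant("alice", xyz, "bob", "read", clearances)
    results["bob_read"] = allowed("bob", "read", xyz, clearances)              # MAC overrides the entry
    try:
        grant("mallory", xyz, "mallory", "read", clearances)                   # not owner, no entry
        results["mallory_edited_acl"] = True
    except PermissionError:
        results["mallory_edited_acl"] = False
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

The "bob_read" decision is the point of the mandatory layer: Alice, as owner, can add any entry she likes, but the ACL alone cannot grant Bob a read on an object above his clearance.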

File system ACLs

On file systems, the process's user identifier (in POSIX, the effective UID) is the principal means of control.

The list is a data structure, usually a table, containing entries that specify individual user or group rights to specific system objects, such as a program, a process, or a file. These entries are known as access control entries (ACEs) in the Microsoft Windows, OpenVMS, Linux and Mac OS X operating systems. Each accessible object contains an identifier to its ACL. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or execute an object. In some implementations an ACE can control whether or not a user, or group of users, may alter the ACL on an object.

The ACL is a concept with several different implementations in various operating systems, although there is a POSIX "standard". (The POSIX security drafts, .1e and .2c, were withdrawn when it became clear their scope was too wide and the work would not complete, but the well-developed parts defining ACLs have been widely implemented and are known as "POSIX ACLs".)
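As an added example (not code from the article or from any operating system), the following implements the access check of the POSIX ACL model mentioned above: the owner entry is consulted first, then a named user entry, then the owning group and named group entries, and finally the "other" entry, with the mask entry limiting named user and all group entries. The getfacl-style input format with numeric ids, the sample ACL and the uids/gids are constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Optional

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def perms_to_bits(perms: str) -> int:
    """'rw-' -> 6, '---' -> 0."""
    return sum(PERM_BITS[c] for c in perms if c in PERM_BITS)


@dataclass
class Entry:
    tag: str                  # "user", "group", "mask" or "other"
    qualifier: Optional[int]  # uid/gid for named entries; None for owner, owning group, mask, other
    perms: int


def parse_acl(text: str) -> List[Entry]:
    """Parse getfacl-style lines such as 'user:1001:rw-' (numeric ids, a constructed simplification)."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tag, qualifier, perms = line.split(":")
        entries.append(Entry(tag, int(qualifier) if qualifier else None, perms_to_bits(perms)))
    return entries


def check_access(acl: List[Entry], owner_uid: int, owner_gid: int,
                 uid: int, groups: List[int], requested: str) -> bool:
    """Apply the POSIX ACL algorithm: owner, then named user, then groups, then other.
    `groups` holds the process's effective and supplementary group ids."""
    want = perms_to_bits(requested)
    mask_entry = next((e for e in acl if e.tag == "mask"), None)
    mask = mask_entry.perms if mask_entry else 7   # no mask entry: nothing is masked

    def covers(entry: Entry, masked: bool) -> bool:
        effective = entry.perms & mask if masked else entry.perms
        return effective & want == want

    # 1. Owner: the user:: entry, never subject to the mask.
    if uid == owner_uid:
        owner_entry = next(e for e in acl if e.tag == "user" and e.qualifier is None)
        return covers(owner_entry, masked=False)

    # 2. Named user entry, masked.
    for e in acl:
        if e.tag == "user" and e.qualifier == uid:
            return covers(e, masked=True)

    # 3. Owning group and named groups: any matching entry that contains the
    #    requested permissions (after the mask) grants; if entries match but none
    #    grants, access is denied without falling through to "other".
    matched = False
    for e in acl:
        if e.tag != "group":
            continue
        if (e.qualifier is None and owner_gid in groups) or \
           (e.qualifier is not None and e.qualifier in groups):
            matched = True
            if covers(e, masked=True):
                return True
    if matched:
        return False

    # 4. Everyone else: the other:: entry, never subject to the mask.
    other_entry = next(e for e in acl if e.tag == "other")
    return covers(other_entry, masked=False)


# Constructed sample ACL for a file owned by uid 1000, group 100.
SAMPLE_ACL = """
user::rw-
user:1001:rw-
group::r--
group:200:rw-
mask::r--
other::---
"""


def demo():
    """Return the decision for several constructed processes against SAMPLE_ACL."""
    acl = parse_acl(SAMPLE_ACL)
    owner_uid, owner_gid = 1000, 100
    return {
        "owner_write":       check_access(acl, owner_uid, owner_gid, 1000, [100], "w"),  # True
        "named_user_read":   check_access(acl, owner_uid, owner_gid, 1001, [300], "r"),  # True
        "named_user_write":  check_access(acl, owner_uid, owner_gid, 1001, [300], "w"),  # False: mask strips w
        "named_group_write": check_access(acl, owner_uid, owner_gid, 1002, [200], "w"),  # False: mask strips w
        "owning_group_read": check_access(acl, owner_uid, owner_gid, 1003, [100], "r"),  # True
        "other_read":        check_access(acl, owner_uid, owner_gid, 1004, [999], "r"),  # False
    }
```

The two "write" denials show why the mask entry matters when auditing a file: `user:1001:rw-` looks like a write grant, but with `mask::r--` the effective permission for uid 1001 is read-only, which is what a real getfacl would flag with an "#effective:r--" comment.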

Networking ACLs

In networking, ACL refers to a list of rules detailing service ports or (network) daemon names that are available on a host or other layer 3 device, each with a list of hosts and/or networks permitted to use the service. Both individual servers and routers can have network ACLs. Access control lists can generally be configured to control both inbound and outbound traffic, and in this context they are similar to firewalls.
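An added example (not from the article, and not the syntax of any particular router or firewall) of how such a rule list is evaluated: rules are tried in order, the first rule whose protocol, source, destination and port all match decides, and a packet that matches nothing is dropped. The rule text format, the sample ACL and the addresses are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

PortSpec = Optional[Union[int, Tuple[int, int]]]   # exact port, (low, high) range, or None for any


@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: PortSpec


def _network(spec: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec, strict=False)


def parse_rule(line: str) -> Rule:
    """Parse a rule in a constructed text form:
    '<permit|deny> <proto> <src> <dst> [<port>|<low>-<high>|any]'."""
    parts = line.split()
    action, proto, src, dst = parts[:4]
    dport: PortSpec = None
    if len(parts) > 4 and parts[4] != "any":
        low, _, high = parts[4].partition("-")
        dport = (int(low), int(high)) if high else int(low)
    return Rule(action, proto, _network(src), _network(dst), dport)


def parse_acl(text: str) -> List[Rule]:
    lines = [ln.strip() for ln in text.strip().splitlines()]
    return [parse_rule(ln) for ln in lines if ln and not ln.startswith("#")]


def _port_matches(spec: PortSpec, port: Optional[int]) -> bool:
    if spec is None:
        return True
    if port is None:
        return False
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def evaluate(acl: List[Rule], proto: str, src: str, dst: str, dport: Optional[int] = None):
    """First matching rule wins; a packet matching no rule is dropped (implicit deny).
    Returns (action, index of the matching rule or None)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, rule in enumerate(acl):
        if rule.proto not in ("any", proto):
            continue
        if src_ip not in rule.src or dst_ip not in rule.dst:
            continue
        if not _port_matches(rule.dport, dport):
            continue
        return rule.action, i
    return "deny", None


# Constructed inbound ACL for a host at 192.0.2.10: SSH only from the internal
# network, HTTPS from anywhere, telnet denied explicitly, ICMP allowed.
SAMPLE_ACL = """
permit tcp 10.0.0.0/8 192.0.2.10/32 22
permit tcp any 192.0.2.10/32 443
deny tcp any any 23
permit icmp any any
"""


def demo():
    """Evaluate a few constructed packets against SAMPLE_ACL."""
    acl = parse_acl(SAMPLE_ACL)
    return {
        "internal_ssh":   evaluate(acl, "tcp", "10.1.2.3", "192.0.2.10", 22),       # ("permit", 0)
        "external_ssh":   evaluate(acl, "tcp", "203.0.113.5", "192.0.2.10", 22),    # ("deny", None)
        "external_https": evaluate(acl, "tcp", "203.0.113.5", "192.0.2.10", 443),   # ("permit", 1)
        "telnet":         evaluate(acl, "tcp", "10.1.2.3", "192.0.2.10", 23),       # ("deny", 2)
        "ping":           evaluate(acl, "icmp", "203.0.113.5", "192.0.2.10"),       # ("permit", 3)
        "dns_udp":        evaluate(acl, "udp", "10.1.2.3", "192.0.2.10", 53),       # ("deny", None)
    }
```

Because the first match decides, rule order is part of the policy: moving the `deny tcp any any 23` line below a broad permit would silently stop it from ever matching, and the returned rule index is what you would log to find out which line actually admitted or dropped a packet.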

See also

* Standard Access Control List, Cisco-IOS configuration rules
* Role-based access control
* Confused deputy problem
* Capability-based security

External links

* [http://aclbit.sourceforge.net/ ACLbit - ACL Backup and Inspect Tool for Linux]


Wikimedia Foundation. 2010.
