An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object.
An access control list (ACL) specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
When a subject requests an operation on an object in an ACL-based security model the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. A key issue in the definition of any ACL-based security model is determining how access control lists are edited, namely which users and processes are granted ACL-modification access. ACL models may be applied to collections of objects as well as to individual entities within the system hierarchy.
Benefits of ACLs include:
- easy to implement
- easy to understand
- extremely fine-grained: down to the user and the resource
Drawbacks of ACLs include:
- too fine-grained and thus too hard to manage. The ACL management is on a per-object level
- not context-aware: ACLs do not take time, location, or other attributes into consideration
- doesn't scale: ACLs only work on a small set of objects and users.
Other access control models include rbac and abac which aim to address the shortcomings of acl.
More information can be found on Wikipedia's definition of access control lists.
