Questions tagged [acl]

An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object.

An access control list (ACL) specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.

When a subject requests an operation on an object in an ACL-based security model, the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. A key issue in the definition of any ACL-based security model is determining how access control lists are edited, namely which users and processes are granted ACL-modification access. ACL models may be applied to collections of objects as well as to individual entities within the system hierarchy.

Benefits of ACLs include:

  • easy to implement
  • easy to understand
  • extremely fine-grained: down to the user and the resource

Drawbacks of ACLs include:

  • too fine-grained and thus too hard to manage. The ACL management is on a per-object level
  • not context-aware: ACLs do not take time, location, or other attributes into consideration
  • doesn't scale: ACLs only work on a small set of objects and users.

Other access control models include and which aim to address the shortcomings of .

More information can be found on Wikipedia's definition of access control lists.

2604 questions
14
votes
1 answer

Can I add range of ports in netsh add urlacl?

I use the following command to allow listening of specific HTTP ports: netsh http add urlacl url=http://+:[port]/ user=DOMAIN\UserName But if I need to open a range of ports, can I set up a single rule?
Igor Semenov
13
votes
2 answers

Is there a tool to generate SDDL (Security Descriptor Definition Language) strings?

Is there a tool to generate SDDL (Security Descriptor Definition Language) strings? I'd like to create them through Windows' Security property sheet or something similar.
Ilya
13
votes
2 answers

Multiple levels of authorization, not only role-based

Our application uses multiple ways for authorizing access to a given resource. Although it's working, it's messy and... well, it doesn't seem right. 1) Role-based authorization We have well defined roles where each role has access to a set of the…
Luiz Damim
13
votes
3 answers

How to filter my Doctrine queries with Symfony ACL

Symfony ACL allows me to grant access to an entity, and then check it: if (false === $securityContext->isGranted('EDIT', $comment)) { throw new AccessDeniedException(); } However, if I have thousands of entities in the database and the user has…
Matthieu Napoli
13
votes
2 answers

Setting a file's ACL to be inherited

I am looking for a way in C# to reset a file's permissions to be inherited from the parent as if the file was created or copied to that directory. I can't seem to find anything on this from a file standpoint (I found a reference or two for…
Jim
12
votes
2 answers

Best way to manage user/group object permissions with Symfony2

I'd like to hear some thoughts on the best way to optimize our schema to achieve the following. We have a number of objects/db entries (events, venues, etc) some of which have children objects (meaning the same permissions apply - images, metas,…
cyberwombat
12
votes
2 answers

When should I use ACL in my application

I am pretty much confused as to when I should implement an ACL (access control list) system in my application though I can easily manage permissions on groups simply by fetching the session group id and restricting the access using the Auth…
Gaurav Sharma
12
votes
1 answer

Uploading a file to AWS S3 with ACL set to public_read

In my Rails app I save customer RMA shipping labels to an S3 bucket on creation. I just updated to V2 of the aws-sdk gem, and now my code for setting the ACL doesn't work. Code that worked in V1.X: # Saves label to S3 bucket s3 = AWS::S3.new …
bnzelener
12
votes
2 answers

Get-ChildItem -force reports "Access Denied" on My Documents folder and other junction points

I have a script that I wrote that replaces files. I pass params to it for the name of the file, and the base location to search from. The worker lines are: $SubLocations = Get-ChildItem -Path $Startlocation -Recurse -include $Filename -Force | …
Kevin_
12
votes
3 answers

Security component from Symfony 2.0 as standalone

I'm trying to add Symfony 2.0 ACL to my frameworkless PHP application. Because of the lack of documentation on how to use Security component as standalone I've got totally confused and I've got stuck with questions: What class to include first?…
Marina982
11
votes
1 answer

Checking folder/file NTFS permissions using python

As the question title might suggest, I would very much like to know of the way to check the NTFS permissions of the given file or folder (hint: those are the ones you see in the "security" tab). Basically, what I need is to take a path to a file or…
shylent
11
votes
4 answers

How to use class-scope aces in Symfony2?

I've got a problem with class-scope aces. I've created an ace for a class like this: $userIdentity = UserSecurityIdentity::fromAccount($user); $classIdentity = new ObjectIdentity('some_identifier', 'Class\FQCN'); $acl =…
Stefk
11
votes
1 answer

spring-security how ACL grants permissions

I'm currently integrating spring-security into our new web application stack. We will need to be able to grant permissions for a user or role to access a specific object or all objects of a certain type. However that's one thing I didn't really get…
Pete
11
votes
1 answer

AWS S3 - ACL vs. CORS configuration vs. bucket/object permissions

It seems that Access Control Lists (ACL), CORS configurations, and the permissions for each bucket and object all come into play when configuring the access settings for S3 buckets/objects. Can someone explain the difference between these and how…
lsimmons
11
votes
1 answer

How should ACL work in a REST API?

A REST API is written in ExpressJs 4.x.x / NodeJS. Let's assume an interface: app.delete('/api/v1/users/:uid', function (req, res, next) { ... } So with that interface users can be deleted. Let's assume there are 2 Customers in the system, and…
Schemiii