An access-control list (ACL) is a data structure used in computer systems, network devices, and software applications to define and enforce permissions that specify which users or system processes are granted access to particular objects, such as files, directories, network resources, or services, and what operations they may perform on those objects (e.g., read, write, execute, delete).
Definition and Purpose
An ACL consists of a set of entries, each of which pairs a security principal (such as a user account, group, or role) with a set of allowed or denied actions. When an access request is made, the system consults the relevant ACL to determine whether the request complies with the defined permissions. This mechanism enables fine-grained, discretionary control over resource usage beyond the coarse-grained permissions traditionally offered by simple owner/group/other models.
Historical Development
The concept of ACLs emerged in the late 1970s and early 1980s within early operating systems that required more flexible security models. Early implementations appeared in the Multics operating system and later in the Unix System V Release 4 (SVR4) with the introduction of the POSIX.1e draft standard for file system ACLs. Commercial operating systems such as IBM's OS/2, Microsoft Windows NT, and Novell NetWare adopted ACLs for file system and network resource security.
Types of ACLs
- File-system ACLs – Used by operating systems to control access to files and directories. Examples include NTFS ACLs in Microsoft Windows, ext4 and XFS ACLs in Linux (implemented via the POSIX ACL extensions), and ZFS ACLs in Solaris and OpenZFS.
- Network ACLs – Implemented on routers, firewalls, and switches to permit or deny traffic based on source/destination IP addresses, ports, protocols, or other packet attributes. These are commonly referred to as packet-filtering ACLs.
- Object-oriented ACLs – Employed in databases, directory services (e.g., LDAP), and application servers to regulate access to individual records, schema objects, or service endpoints.
- Capability-based ACLs – Represented as tokens or keys that encapsulate the authority to perform specific actions, often used in distributed systems and cloud platforms.
Structure of an ACL Entry
A typical ACL entry (often called an ACE—Access Control Entry) contains:
- Principal identifier – A user name, group name, role, or security identifier (SID).
- Permission mask – A set of bits or symbolic flags indicating allowed or denied operations (e.g., read, write, execute).
- Inheritance flags (optional) – Indicate whether the entry should propagate to child objects (common in hierarchical file systems).
- Audit flags (optional) – Specify whether successful or failed access attempts should be logged.
Evaluation Model
ACL evaluation follows a deterministic algorithm that typically processes entries in order, applying explicit deny rules before allow rules. The exact semantics can vary across implementations; for example, Windows NT ACLs use a “Deny‑override” model, whereas POSIX ACLs apply the most restrictive permission among overlapping entries.
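As an added illustration (not part of the original entry), the following Python models the ACE fields from the previous section and the deny-override evaluation described here: deny entries are examined before allow entries, every requested bit must be covered by a matching allow entry, and the audit and inheritance flags are honoured. The Perm flags, the ACE class and the sample directory ACL are constructed for the example.

```python
from dataclasses import dataclass
from enum import IntFlag

class Perm(IntFlag):
    READ = 1
    WRITE = 2
    EXECUTE = 4
    DELETE = 8

@dataclass(frozen=True)
class ACE:
    """One access-control entry: principal, permission mask and optional flags."""
    principal: str         # user or group name the entry applies to
    mask: Perm             # operations this entry allows or denies
    allow: bool            # True for an allow entry, False for a deny entry
    inherit: bool = False  # inheritance flag: propagate to child objects
    audit: bool = False    # audit flag: log accesses decided by this entry

def evaluate(acl: list[ACE], principals: set[str], requested: Perm,
             audit_log: list[str]) -> bool:
    """Deny-override evaluation: deny entries are checked before allow entries,
    and every requested bit must be covered by matching allow entries."""
    ordered = sorted(acl, key=lambda e: e.allow)  # False (deny) sorts first
    granted = Perm(0)
    for ace in ordered:
        if ace.principal not in principals:
            continue  # entry does not apply to this requester
        if not ace.allow and (ace.mask & requested):
            if ace.audit:
                audit_log.append(f"DENY {ace.principal} mask={int(requested)}")
            return False
        if ace.allow:
            granted |= ace.mask
            if (granted & requested) == requested:
                if ace.audit:
                    audit_log.append(f"ALLOW {ace.principal} mask={int(requested)}")
                return True
    return False  # no allow entry covered the full request: implicit deny

def inherited_acl(parent_acl: list[ACE]) -> list[ACE]:
    """ACL a new child object receives: only entries carrying the inherit flag."""
    return [ace for ace in parent_acl if ace.inherit]

# Constructed sample ACL for a shared directory (not taken from any real system).
DIR_ACL = [
    ACE("staff", Perm.READ | Perm.WRITE, allow=True, inherit=True),
    ACE("bob", Perm.WRITE, allow=False, audit=True),  # explicit deny, not inherited
    ACE("alice", Perm.DELETE, allow=True),
]
```

Note that a deny entry without the inheritance flag does not reach child objects, so a child created under DIR_ACL grants "bob" write access through the inherited "staff" entry; reviewing inheritance flags on deny entries is a routine check when auditing ACLs.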
Standards and Specifications
- POSIX.1e (draft) – Provides a standard for ACLs on Unix-like file systems, defining both Access ACLs (permissions) and Default ACLs (inheritance).
- Microsoft Security Descriptor Definition Language (SDDL) – Describes the format of ACLs in Windows security descriptors.
- IETF RFC 6819 – Discusses ACLs in the context of network security for transport-layer protocols.
Comparison with Alternative Models
- Role‑Based Access Control (RBAC) – Assigns permissions to roles rather than to individual users; ACLs can be used to implement RBAC by granting role principals specific entries.
- Mandatory Access Control (MAC) – Enforces system-wide policies (e.g., SELinux, Trusted Solaris) that supersede discretionary ACLs.
Applications
- Operating System Security – Managing file and directory permissions on Windows, Linux, and macOS.
- Network Security – Configuring firewalls and routers to filter traffic based on ACLs.
- Database Management – Controlling row‑level or column‑level access in relational databases.
- Cloud Services – Defining bucket policies and object ACLs in storage services such as Amazon S3 or Google Cloud Storage.
Limitations
- Scalability – Large numbers of ACEs can degrade performance during access checks.
- Management Complexity – Maintaining consistent ACLs across many objects can be error‑prone, leading to “over‑privileged” or “under‑privileged” configurations.
- Granularity vs. Usability – Very fine‑grained ACLs may increase administrative overhead compared with higher‑level models like RBAC.
See Also
- Access control
- Role‑based access control (RBAC)
- Mandatory access control (MAC)
- Capability-based security
- Security descriptor (Windows)
- POSIX ACL
References
- IEEE Std 1003.1e‑2004, “POSIX.1e: Security Extensions.”
- Microsoft Docs, “Access Control Lists (ACLs) Overview.”
- RFC 6819, “Security Considerations for the Transport Layer.”