Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
In a Microsoft context, the Access Control List (ACL) is the list of a system object's security information that defines access rights for resources like users, groups, processes or devices. The system object may be a file, folder or other network resource. The object's security information is known as a permission, which controls resource access to view or modify system object contents.
The Windows OS uses Filesystem ACL, in which the user/group permissions associated with an object are internally maintained in a data structure. This type of security model is also used in Open Virtual Memory System (OpenVMS) and Unix-like or Mac OS X operating systems.
The ACL contains a list of items, known as Access Control Entities (ACE), which holds the security details of each “trustee” with system access. A trustee may be an individual user, group of users or process that executes a session. Security details are internally stored in a data structure, which is a 32-bit value that represents the permission set used to operate a securable object. The object security details include generic rights (read, write and execute), object-specific rights (delete and synchronization, etc.), System ACL (SACL) access rights and Directory Services access rights (specific to directory service objects). When a process requests an object's access rights from ACL, ACL retrieves this information from the ACE in the form of an access mask, which maps to that object's stored 32-bit value.