The IT Law Wiki


An access control list (ACL) is

[a] register of:
  1. users (including groups, machines, processes) who have been given permission to use a particular system resource, and
  2. the types of access they have been permitted."[1]
1. A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.

2. A mechanism that implements access control for a system resource by enumerating the system entities that are permitted to access the resource and stating, either implicitly or explicitly, the access modes granted to each entity.[2]

[a] list of entities, together with their access rights, which are authorized to have access to a resource.[3]