Access-Control List (ACL)

From GM-RKB

An Access-Control List (ACL) is a list of permissions associated with a system resource (object).



References

2022

  • (Wikipedia, 2022) ⇒ https://en.wikipedia.org/wiki/Access-control_list Retrieved:2022-4-28.
    • In computer security, an access-control list (ACL) is a list of permissions associated with a system resource (object). An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file object has an ACL that contains , this would give Alice permission to read and write the file and only give Bob permission to read it.

2021

  • https://www.imperva.com/learn/data-security/access-control-list-acl/
    • QUOTE: ... An access control list (ACL) contains rules that grant or deny access to certain digital environments. There are two types of ACLs:
      • Filesystem ACLs: filter access to files and/or directories. Filesystem ACLs tell operating systems which users can access the system, and what privileges the users are allowed.
      • Networking ACLs: filter access to the network. Networking ACLs tell routers and switches which type of traffic can access the network, and which activity is allowed.
    • Originally, ACLs were the only way to achieve firewall protection. Today, there are many types of firewalls and alternatives to ACLs. However, organizations continue to use ACLs in conjunction with technologies like virtual private networks (VPNs) that specify which traffic should be encrypted and transferred through a VPN tunnel.
    • Reasons to use an ACL:
      • Traffic flow control
      • Restricted network traffic for better network performance
      • A level of security for network access specifying which areas of the server/network/service can be accessed by a user and which cannot
      • Granular monitoring of the traffic exiting and entering the system
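
As an added example (not from the quoted sources or from GM-RKB), the sketch below evaluates a networking ACL of the kind described above and flags rules that can never fire. It assumes first-match-wins ordering with a default deny when no rule matches; the `Rule` fields, the function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None matches any port

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(acl, src_ip, dst_ip, proto, dport):
    """Return (action, rule_index); first match wins, no match means deny."""
    for i, rule in enumerate(acl):
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, i
    return "deny", None  # assumed default: traffic not explicitly permitted is dropped

def shadowed_rules(acl):
    """Indexes of rules fully covered by an earlier rule, so they never fire."""
    out = []
    for i, r in enumerate(acl):
        for e in acl[:i]:
            if (ipaddress.ip_network(r.src).subnet_of(ipaddress.ip_network(e.src))
                    and ipaddress.ip_network(r.dst).subnet_of(ipaddress.ip_network(e.dst))
                    and e.proto in ("any", r.proto)
                    and e.dport in (None, r.dport)):
                out.append(i)
                break
    return out

# Constructed sample ACL using documentation address ranges (not from the page).
ACL = [
    Rule("deny",   "203.0.113.0/24", "0.0.0.0/0",        "any", None),
    Rule("permit", "0.0.0.0/0",      "198.51.100.10/32", "tcp", 443),
    Rule("permit", "203.0.113.7/32", "198.51.100.10/32", "tcp", 443),  # shadowed by rule 0
]
```

Running `shadowed_rules` over a rule set before deployment shows where rule order silently overrides an intended permit or deny.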