ACLs
E805874
ACLs (Access Control Lists) are security mechanisms that define and enforce which users or systems are permitted to access specific resources and what operations they are allowed to perform.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| Access control list | 0 |
Statements (63)
| Predicate | Object |
|---|---|
| instanceOf | authorization mechanism; computer security mechanism |
| abbreviation | ACL |
| appliesTo | APIs; cloud resources; database objects; directories; files; network devices |
| benefit | auditable access rules; centralized permission management; fine-grained access control |
| canBe | stateful; stateless |
| componentOf | discretionary access control; mandatory access control; role-based access control implementations |
| contains | access control entries |
| controls | delete permission; execute permission; inbound traffic; network traffic filtering; outbound traffic; read permission; write permission |
| defines | allowed operations on resources; which subjects can access which objects |
| exampleImplementation | AWS S3 bucket ACLs; Azure storage ACLs; Cisco IOS ACLs; GCP Cloud Storage ACLs; POSIX ACLs; Unix file permission ACLs; Windows NTFS ACLs |
| fullName | Access Control List |
| policyModel | blacklisting; whitelisting |
| relatedConcept | access control entry; authorization policy; capability-based security; discretionary access control; identity and access management; mandatory access control; role-based access control |
| represents | list of access control entries |
| risk | complexity in large environments; misconfiguration; overly permissive access |
| specifiedBy | entries mapping subjects to permissions; rules |
| usedFor | controlling access to resources; defining permissions; enforcing authorization policies |
| usedIn | cloud storage services; databases; directory services; file systems; firewalls; network routers; object storage systems; operating systems; switches; web servers |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.