An access control list (ACL) is a table that tells a computer what permissions each user has to access various resources, such as files, directories, and registry keys. Each entry in an ACL specifies a subject, such as a user or group account, and an object, such as a file or directory, and the permissions that the subject has for that object.
In Windows NT-based systems, ACLs are implemented as security descriptors. A security descriptor contains two ACLs: a discretionary ACL (DACL) and a system ACL (SACL). The DACL specifies the permissions that users and groups have to access an object. The SACL specifies what actions on the object should be audited.
When an attempt is made to access an object, the operating system checks the ACEs in the object’s DACL to see if the requesting user has the necessary permissions. If the SACL is present, then any actions taken on the object are logged to the security event log.
The following are some of the more common acl types: Discretionary Access Control Lists (DACLs), System Access Control Lists (SACLs), Primary Access Control Lists (PACLs), Default Discretionary Access Control Lists (Default DACLs), and Dynamic Discretionary Access Control Lists (Dynamic DACLS).
