Control permission

The control (c) permission gives you ownership of an ACL policy. As owner, we can modify entries in the ACL policy. Being able to modify entries in the ACL policy means we can create entries, delete entries, grant permissions, and take away permissions.

The administrator who wants to delete a permission from an ACL policy must have an entry in that ACL policy. The administrator must also have the control permission set in that entry.

With control permission, we can grant administration powers to another user, such as the ability to attach or detach that ACL policy to objects. Use the control permission with great care because of its powerful ownership properties.

Parent topic: Sparse security policy model