Access control list policies

Access control list policies

An access control list policy, or ACL policy, controls what operations a user can perform on the resource and who can perform them. It is a set of rules or permissions that specify the conditions that are necessary to perform certain operations on a resource. ACL policy definitions are components of the security policy that establish the secure domain. ACL policies define organizational security requirements to the resources in the protected object space. ACL policies also provide the authorization service with information to make a yes or no determination for a request to access a protected object. An ACL policy controls:

What operations can be performed on the resource
Who can perform these operations

An ACL policy is composed of one or more entries that include user and group designations and their specific permissions or rights. An ACL can also contain rules that apply to unauthenticated users.

Parent topic: Security concepts for a WebSEAL deployment