Questions tagged [acl]

An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object.

An access control list (ACL) specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.

When a subject requests an operation on an object in an ACL-based security model, the operating system first checks the ACL for an applicable entry to decide whether the requested operation is authorized. A key issue in the definition of any ACL-based security model is determining how access control lists are edited, namely which users and processes are granted ACL-modification access. ACL models may be applied to collections of objects as well as to individual entities within the system hierarchy.

Benefits of ACLs include:

  • easy to implement
  • easy to understand
  • extremely fine-grained: down to the user and the resource

Drawbacks of ACLs include:

  • too fine-grained and thus too hard to manage: ACL management is done at the per-object level
  • not context-aware: ACLs do not take time, location, or other attributes into consideration
  • don't scale: ACLs only work on a small set of objects and users

Other access control models include and which aim to address the shortcomings of .

More information can be found on Wikipedia's definition of access control lists.

2775 questions
27 votes, 2 answers

Symfony2 ACL combined with another criteria

I'm wondering if anyone knows of an elegant way to achieve this using the Symfony2 ACL system. I have a Comment entity (my domain object) which needs to be editable by ROLE_USER but this is only allowed within 5 minutes of the comment being posted -…
Kasheen
26 votes, 2 answers

How do you programmatically fix a non-canonical ACL?

I have the following code: DirectoryInfo directory = new DirectoryInfo(@"C:\Program Files\Company\Product"); if (!directory.Exists) { directory.Create(); } DirectorySecurity directorySecurity = directory.GetAccessControl(); SecurityIdentifier…
Kevin Kibler
26 votes, 9 answers

How to change permission recursively to folder with AWS s3 or AWS s3api

I am trying to grant permissions to an existing account in s3. The bucket is owned by the account, but the data was copied from another account's bucket. When I try to grant permissions with the command: aws s3api put-object-acl --bucket…
gc5
25 votes, 4 answers

Access is Always Denied in Spring Security - DenyAllPermissionEvaluator

I have configured ACL in my Spring Boot application. The ACL configuration is as follows: @Configuration @ComponentScan(basePackages = "com.company") @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true) public class…
Hasan Can Saral
23 votes, 2 answers

Node.js and ACL

I've chosen for my project Node.js+Express+Mongoose. Until now, I didn't need to use ACL, but in this phase of the project I need to implement this. NPM contains a few modules, but which one to choose? Please tell me your experiences with ACL…
otodockal
21 votes, 1 answer

CakePHP ACL Database Setup: ARO / ACO structure?

I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples…
user5564
20 votes, 3 answers

Authorisation in microservices - how to approach domain object or entity level access control using ACL?

I am currently building a microservices-based system on Java Spring Cloud. Some microservices use PostgreSQL and some of them MongoDB. REST and JMS are used for communication. The plan is to use SSO and OAuth2 for authentication. The challenge I am…
Lukas S
20 votes, 3 answers

What is the best way pre filter user access for sqlalchemy queries?

I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do. Every row in my tables has a user_id associated with it. Right now, for every query, I queried by the id of the…
steve
19 votes, 2 answers

C# - How do I get the "Everybody" user?

I already wrote code which can create a share and change permissions for the current user. The goal was to always allow all for everybody on share level and deny rights on NTFS ACL level. I use a German Windows and I noticed that I only can access…
fpdragon
19 votes, 4 answers

How to make images hosted on Amazon S3 less public but not completely private?

I fired up a sample application that uses Amazon S3 for image hosting. I managed to coax it into working. The application is hosted at github.com. The application lets you create users with a profile photo. When you upload the photo, the web…
Jay Godse
18 votes, 2 answers

Is there a tool to generate SDDL (Security Descriptor Definition Language) strings?

Is there a tool to generate SDDL (Security Descriptor Definition Language) strings? I'd like to create them through Windows' Security property sheet or something similar.
Ilya
18 votes, 1 answer

What is the exact difference between ACL and RBAC in general?

Hello all, this may be a silly question, but I am really confused about ACL, RBAC, DAC, MAC... with the simple example of an online university management system that has the following user types: admin, hod, faculty, student. Each of them has different…
Innam Hunzai
18 votes, 6 answers

IIS 8.5 is not serving JS, CSS, and Image files (static content)

The problem: We're running IIS on Windows 8.1 with Update. We're at the Orchard CMS first time setup screen, and IIS is giving 401s for all static content. We have read the following to no avail: IIS 7.5 no images css js showing; IIS 7.5 no images…
Shaun Luttin
18 votes, 2 answers

S3 - Anonymous Upload - Key prefix

I am trying to understand exactly how to set up a bucket that is generally private but allows anonymous uploads with restrictions. The specific criteria are: The bucket is mostly private and requires my key/secret to add/remove/update/list…
Eric Anderson
16 votes, 4 answers

building a 'two-way' OO dynamic ACL system

This question came up while designing a dedicated ACL system for a custom application, but I think it applies to ACL systems in general, as I haven't found out how to tackle this problem by looking at some of the mainstream systems, like…
Rijk