ACL
Definition
An Access Control List (ACL) is a set of rules that define permissions for users or system processes to access resources. ACLs specify which users or system processes are granted or denied access to objects, as well as what operations are allowed on given objects. They are commonly used in file systems, network devices, and applications to enforce security policies and ensure that only authorized entities can perform specific actions.
Secure Settings Example
{
"acl": {
"allow": [
{
"principal": "user:john.doe@example.com",
"action": "read",
"resource": "/data/reports"
},
{
"principal": "user:admin@example.com",
"action": "write",
"resource": "/data/reports"
}
],
"deny": [
{
"principal": "user:guest@example.com",
"action": "write",
"resource": "/data/reports"
}
]
}
}
Insecure Settings Example
{
"acl": {
"allow": [
{
"principal": "user:*",
"action": "read",
"resource": "/data/reports"
}
]
}
}