An ACL is a list of permissions associated with an object. It specifies which users or system processes have permissions to objects, and what operations are allowed on given objects. Each entry in a typical ACL, referred to as an access control entry (ACE), specifies a subject and an operation.
Many kinds of systems implement ACLs, for example, network hardware and file systems. On network hardware like routers and switches, each entry in an ACL specifies hosts and networks that are permitted to access port numbers or IP addresses on a host that provides a service. In a file system, each entry in an ACL specifies individual user or group rights to a specific system object. This document focuses on file system ACLs.
For file systems, ACLs were first widely used in Microsoft Windows environments for NTFS and SMB. The NFSv4 ACL and OneFS ACL are derived from the Windows ACL. The expressive, Windows-style ACL is typically referred to as the rich ACL. This ACL defines similar permissions and inheritance. For details about ACLs on Windows NTFS and SMB, see appendix A.1. For details about the NFSv4 ACL, see appendix A.2.
With the influence of expressive, Windows-style ACLs, a POSIX working group was formed to standardize an ACL permission model for POSIX systems. Although this effort proved to be too ambitious and was abandoned, many UNIX-style systems have implemented the last draft proposal, POSIX 1003.1e Draft 17, which is the POSIX ACL. When compared with Windows-style ACLs, the POSIX ACL is much less rich and only defines read, write, and execute permissions for a file-system object. For details about the POSIX ACL, see appendix A.3. The HDFS ACL is an Apache implementation of the POSIX ACL.