Access Control Entry (ACE)

Access control entries (ACE) are entries in an access control list containing information describing the access rights related to a particular security identifier or user. Each access control entry contains an ID, which identifies the subject group or individual. An access control list may have several access control entries with each one defining the access rights of different groups or individuals.


The access control entries present in access control lists control all the access to the associated objects from the users or programs that would want to use them. They define who, and at what level can the object or resource be used by entities. It is what controls the overall security in a given system.
When a user logs on to a system and executes a program, it uses the credentials and rights associated with the user. When the program attempts to open an object or use some resources, the OS compares the credential being used by the program with the security control associated with the object or user. The ACE information is then used by a security reference monitor to determine if the program should be allowed or denied access to that object or user.

Post a Comment

0 Comments