Access Control Lists (ACLs) have been around for a long time. In its simplest form, an ACL is a lightweight and flexible way of implementing privilege management. In general, an application may use ACLs to control access to certain protected objects by other requesting objects.
For the purposes of this documentation:
- a resource is an object to which access is controlled.
- a role is an object that may request access to a resource.
Put simply, roles request access to resources. For example, if a parking attendant requests access to a car, then the parking attendant is the requesting role, and the car is the resource, since access to the car may not be granted to everyone.
Through the specification and use of an ACL, an application may control how roles are granted access to resources.
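The following sketch is an added illustration, not code from the library this documentation describes. It models the role and resource terms defined above as a default-deny ACL; the `Acl` class, its method names, the `passerby` role and the `park` privilege are assumptions made for the example.

```python
class Acl:
    """Minimal default-deny ACL: roles request privileges on resources."""

    def __init__(self):
        self._roles = set()
        self._resources = set()
        self._allow = set()   # (role, resource, privilege) tuples
        self._deny = set()    # explicit denies, checked before allows

    def add_role(self, role):
        self._roles.add(role)

    def add_resource(self, resource):
        self._resources.add(resource)

    def _check_known(self, role, resource):
        # Reject rules naming unregistered objects so a typo in the
        # policy fails loudly instead of creating a dead rule.
        if role not in self._roles:
            raise ValueError(f"unknown role: {role!r}")
        if resource not in self._resources:
            raise ValueError(f"unknown resource: {resource!r}")

    def allow(self, role, resource, privilege):
        self._check_known(role, resource)
        self._allow.add((role, resource, privilege))

    def deny(self, role, resource, privilege):
        self._check_known(role, resource)
        self._deny.add((role, resource, privilege))

    def is_allowed(self, role, resource, privilege):
        # Fail closed: no matching allow rule, or an unknown role or
        # resource, means no access. An explicit deny always wins.
        rule = (role, resource, privilege)
        if rule in self._deny:
            return False
        return rule in self._allow


def build_parking_acl():
    """The parking example from the text, with constructed names."""
    acl = Acl()
    acl.add_role("parking_attendant")
    acl.add_role("passerby")
    acl.add_resource("car")
    acl.allow("parking_attendant", "car", "park")
    return acl
```

Only the attendant's `park` request on the car succeeds; every other combination, including roles the ACL has never seen, is refused.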