Access Control List (ACL)

Authentication & Authorization 🔐 • Network Security 🌐 • Security Operations 🛡️ • Sec+ Glossary 📖 • Difficulty: free

What is Access Control List (ACL)?

An Access Control List, or ACL, is a set of rules that defines which users, systems, or types of traffic are allowed or denied access to a resource.

Examples

A file server uses an ACL to allow the finance team to open payroll documents while denying access to other departments.
A router applies an ACL that blocks traffic from a suspicious IP range before it reaches internal systems.

Discover 🔎

Security often comes down to one practical question: who should be allowed through, and who should be stopped? That question appears everywhere. It applies to files, folders, applications, network traffic, cloud resources, and administrative tools. An Access Control List is one of the ways systems answer it.

ACLs matter because security is rarely all-or-nothing. Most organizations do not want every user to have full access, and they do not want every packet or request treated the same way. They need a clear, repeatable way to define what is allowed, what is denied, and under which conditions. ACLs provide that rule-based structure.

Remember: An ACL is basically a rule list that decides what gets access and what does not.

Summary 📝

An Access Control List is a rule-based way to decide what access is allowed and what access is denied. It is used in both file permissions and network traffic control, making it an important tool for limiting exposure and enforcing security boundaries. When designed well, ACLs help organizations apply least privilege in practical, measurable ways.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.