A Complete Overview of Access Control Lists (ACLs)

With the help of access control lists (ACLs), administrators can dictate who can and cannot perform certain actions in a given digital space. An ACL is a set of rules that determines which resources and actions a given user has access to.

There are several kinds of ACLs. They can control who can access the whole network or only certain files and/or directories within the network. ACLs and other security technologies are often used together to control how traffic moves through a network.

ACLs are often a key part of IT security policies, procedures, and technologies.

What is an ACL (Access Control List)?

An access control list (ACL) is a set of rules that specify who can and cannot access certain digital environments. ACLs come in two different kinds:

  • Filesystem ACLs let you control who can access files and/or directories. Filesystem ACLs tell operating systems who can use the system and what permissions they have.
  • Networking ACLs let you control who can get on the network. In networking, Access Control Lists (ACLs) tell routers and switches what kind of traffic and activities are allowed on the network.

An access control list is a common form of discretionary access control (DAC). In DAC, the resource owner or administrator is in charge of access control: this person decides what permissions and access rights each user or group has. ACLs are a flexible and widely used way to add access control on a case-by-case basis to different systems and network devices.


Reasons to use an ACL:

  • Traffic management
  • Reduced unwanted traffic volume, which keeps network performance optimal.
  • Network security that limits user access to only those parts of the server, network, or service that the user is authorized to use.
  • Exhaustive tracking of incoming and outgoing data traffic

Access Control Lists in a Network: What It Means

A network access control list (ACL) is a set of rules that either grants or revokes permission to access a system. An ACL functions somewhat like a club’s guest list. Only those on the list are allowed to enter. This lets administrators make sure that a device can’t get in unless it shows that it has the right credentials. 

When ACLs were first introduced, they worked like firewalls, keeping unwanted entities out. Even though many firewalls now have network access control features, some organizations still use ACLs alongside technologies like virtual private networks (VPNs). This way, an administrator can choose which types of traffic are encrypted and then sent through the VPN’s secure tunnel.

Here’s an example of a simple ACL for a file:

File: “example.txt”

User1: read and write
User2: read
User3: no access

In this example, User1 has both read and write permissions, so they can look at and change the contents of “example.txt.” User2 only has “read” permission, which means they can look at the file but not change it. User3 doesn’t have permission to read or change the file, so they can’t.
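The file ACL above, reproduced as an added example (this is not code from the article): a small filesystem-style ACL evaluator in which entries may name a user or a group, a principal's permissions are the union of every matching entry, and anyone without a matching entry is denied by default. The group name "auditors" and the user "Unknown" are constructed for the illustration.

```python
# Added example, not from the article: a filesystem-style ACL evaluator that
# reproduces the "example.txt" table above. Assumptions: an entry names a user
# or a group, a principal's permissions are the union of all matching entries,
# and a principal with no matching entry is denied (default deny).
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    principal: str          # "User1" or "group:auditors" (constructed names)
    perms: frozenset[str]   # e.g. {"read", "write"}; empty means no access

class FileAcl:
    def __init__(self, path: str) -> None:
        self.path = path
        self.aces: list[Ace] = []

    def add(self, principal: str, *perms: str) -> None:
        """Append an entry; calling with no perms records an explicit no-access entry."""
        self.aces.append(Ace(principal, frozenset(perms)))

    def effective(self, user: str, groups: tuple[str, ...] = ()) -> frozenset[str]:
        """Union of permissions from every entry naming the user or one of its groups."""
        principals = {user, *(f"group:{g}" for g in groups)}
        granted: set[str] = set()
        for ace in self.aces:
            if ace.principal in principals:
                granted |= ace.perms
        return frozenset(granted)

    def check(self, user: str, action: str, groups: tuple[str, ...] = ()) -> bool:
        return action in self.effective(user, groups)

def example_acl() -> FileAcl:
    """The article's entries: User1 read+write, User2 read, User3 no access."""
    acl = FileAcl("example.txt")
    acl.add("User1", "read", "write")
    acl.add("User2", "read")
    acl.add("User3")                    # listed, but holds no permission
    acl.add("group:auditors", "read")   # constructed group entry (DAC groups)
    return acl

if __name__ == "__main__":
    acl = example_acl()
    for user in ("User1", "User2", "User3", "Unknown"):
        print(user, sorted(acl.effective(user)))
```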

Advantages Of Access Control Lists

Network security

With ACLs, a network administrator can restrict access to authorized users only. The administrator can restrict connections based on a wide variety of factors, including IP address, protocol, flow direction, and more.

ACLs can also be used to protect the router itself from unauthorized access over the internet. For example, an ACL lets a network administrator restrict incoming VTY sessions to a single remote terminal while blocking outgoing Telnet connections.

Decreased Internet usage

Broadcast messages are used by many services for a variety of purposes. For instance, routers periodically exchange routing table updates via broadcast messages. Because they generate so much extra traffic, broadcast messages degrade the network’s overall performance.

Administrators can restrict routing updates with ACLs. The router’s administrator can configure the dynamic routing protocol with an ACL that specifies which networks should be advertised. An ACL applied to a routing protocol in this way, rather than to an interface, is called a distribute-list.

Focusing on Traffic First

With ACLs, a network administrator is able to set traffic priorities. The administrator can assign priorities to data based on its source and destination addresses, as well as its type, protocol, and intended use. An administrator can give data from a live video stream higher priority than text.


Types of access control lists

  • Both filesystem ACLs and network ACLs (NACLs) restrict access to specific data within a system. Network administrators use ACLs to control the traffic passing through their devices, while a filesystem ACL tells the operating system which users can access the system and which privileges they are granted.
  • ACLs on Linux and Windows: ACLs can be configured on either Linux or Windows. Linux can be more adaptable, but maintaining it is often beyond the skill of the average user. Windows is a more stable and user-friendly alternative, but it does not allow for kernel customization.
  • Standard vs. extended ACLs: these are the two primary types of network ACL. A standard ACL does not look at what kind of IP traffic is being sent; it permits or blocks it based only on the sending device’s IP address. An extended ACL takes both the sending and the receiving IP addresses into account when deciding whether to grant access.
  • Discretionary access control list (DACL) vs. system access control list (SACL): the SACL records access requests to an object and can be used to audit access attempts, whether they were granted, denied, or both. The DACL specifies who or what is allowed to access a secured resource; the system examines its access control entries (ACEs) to decide whether or not to grant access.
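The standard versus extended ACL distinction in the list above, as an added example that is not code from the article: a first-match packet evaluator. Standard entries match on the source address only; extended entries also match the destination and, as Cisco IOS extended ACLs do, optionally the protocol and destination port. A packet that matches no entry is dropped by the implicit deny at the end of every list. All address ranges and entries are constructed sample values.

```python
# Added example, not from the article: first-match evaluation of a standard ACL
# (source address only) and an extended ACL (source, destination and, as on Cisco
# IOS, optionally protocol and destination port). No match means implicit deny.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str = "ip"             # "ip" (any), "tcp", "udp", "icmp"
    dport: Optional[int] = None

@dataclass(frozen=True)
class Entry:
    action: str                                  # "permit" or "deny"
    src: ipaddress.IPv4Network                   # a standard ACL matches only this
    dst: Optional[ipaddress.IPv4Network] = None  # extended ACLs add these three
    proto: str = "ip"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in self.src:
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in self.dst:
            return False
        if self.proto != "ip" and self.proto != p.proto:
            return False
        return self.dport is None or self.dport == p.dport

def evaluate(acl: list[Entry], p: Packet) -> tuple[str, Optional[int]]:
    """First matching entry decides; ("deny", None) is the implicit deny at the end."""
    for idx, entry in enumerate(acl):
        if entry.matches(p):
            return entry.action, idx
    return "deny", None

net = ipaddress.ip_network   # constructed sample ranges follow

# Standard ACL: permit one internal range, deny everything else, whatever the destination.
STANDARD_ACL = [Entry("permit", net("10.1.0.0/16")), Entry("deny", net("0.0.0.0/0"))]

# Extended ACL: block Telnet from the internal range to the router's own address,
# then permit its other traffic to the server network; all else hits the implicit deny.
EXTENDED_ACL = [
    Entry("deny", net("10.1.0.0/16"), net("10.2.0.1/32"), proto="tcp", dport=23),
    Entry("permit", net("10.1.0.0/16"), net("10.2.0.0/16")),
]
```

Entry order matters: swapping the two extended entries would let the permit match Telnet first, which is the classic ordering mistake to check for when reviewing an ACL.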

Conclusion

ACLs function as the network’s packet filters.

In the past, ACLs were the only way to get firewall-style protection. Today there are many types of firewalls and many alternatives to ACLs. But companies still use ACLs together with technologies like virtual private networks (VPNs), where the ACL tells the VPN tunnel which traffic should be encrypted and sent through it.

Understanding inbound and outbound traffic flows, how ACLs work, and where to place them is crucial for avoiding performance problems. Always keep in mind that a router’s job is to route incoming and outgoing traffic through the proper ports.
