Access Control Matrix and Access Control List (ACL)

This section introduces the access control matrix and explains how it relates to the access control list (ACL). Pay attention to the term Kerberos, which was used in the previous unit.

An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects.

The access rights assigned to individual subjects are called capabilities, and those assigned to objects are called Access Control Lists (ACLs).

This technique uses a capability table to specify the capabilities of a subject pertaining to specific objects. A capability can be in the form of a token, ticket, or key.

  • Each row is a capability and each column is an ACL for a given user.
  • Kerberos uses a capability-based system where every user is given a ticket, which is his capability table.

An ACL is a list of the subjects that are authorized to access a specific object, and it defines what level of authorization is granted (at both the individual and the group level).

ACLs map values from the access control matrix to the object.

Note: A capability table is bound to a subject, whereas an ACL is bound to an object.
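The following is an added example, not part of the original text. It stores a small access control matrix and derives both views from it: a capability list (bound to a subject) and an ACL (bound to an object), with an ACL check that honors group-level entries. All subject, object, and group names are constructed, and the "group:" prefix is a convention of this example only.

```python
# Constructed sample matrix: (subject, object) -> rights. All names are illustrative.
# Subjects prefixed "group:" are group-level entries (a convention of this example).
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("alice", "audit.log"): {"read"},
    ("group:auditors", "audit.log"): {"read", "append"},
}
GROUPS = {"group:auditors": {"bob", "carol"}}  # constructed membership


def capability_list(subject):
    """Capability view: bound to a subject, keyed by object."""
    return {o: set(r) for (s, o), r in MATRIX.items() if s == subject}


def acl(obj):
    """ACL view: bound to an object, keyed by subject (user or group)."""
    return {s: set(r) for (s, o), r in MATRIX.items() if o == obj}


def principals(user):
    """The user plus every group that lists the user as a member."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def is_allowed(user, obj, right):
    """ACL check: allow if an individual or group entry grants the right."""
    entries = acl(obj)
    return any(right in entries.get(p, set()) for p in principals(user))


def rebuild_from_acls():
    """Reassemble the full matrix from the per-object ACLs (nothing is lost)."""
    objects = {o for (_, o) in MATRIX}
    return {(s, o): r for o in objects for s, r in acl(o).items()}


if __name__ == "__main__":
    print("alice capabilities:", capability_list("alice"))
    print("audit.log ACL:", acl("audit.log"))
    print("bob append audit.log:", is_allowed("bob", "audit.log", "append"))
    print("bob write payroll.db:", is_allowed("bob", "payroll.db", "write"))
```

Anything absent from the matrix is denied by default: carol has no entry for payroll.db, individually or through a group, so every request she makes against it fails.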


Source: https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems#Access_Control_Matrix
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Last modified: Thursday, April 15, 2021, 3:55 PM