ACL-BASED SECURITY MODEL
In an ACL-based security model, when a subject requests an operation on an object, the system first checks the object's access control list for an applicable entry to decide whether to proceed with the operation. A key issue in defining any ACL-based security model is how access control lists are modified: for every object, who can change the object's ACL, and what changes are allowed?
Systems that use ACLs can be classified into two categories: mandatory and discretionary. A system is said to have discretionary access control if the owner or creator of an object can fully control access to the object, including, for instance, changing the object's ACL to grant access to anyone else. A system is said to have mandatory access control (also known as "non-discretionary access control" in the security literature) if it enforces system-wide restrictions that override the permissions stated in the ACL.
Conventional ACL systems assign permissions to each individual user, which can become unwieldy in a system with a large number of users. In a more recent approach called role-based access control, permissions are assigned to roles, and users are assigned to roles.
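The following sketch is an added example, not code from any particular system. It puts the three ideas above into one small reference monitor: an ACL lookup, an owner-only rule for editing the ACL (discretionary), and a system-wide rule that overrides the ACL (mandatory), with role entries alongside per-user entries. All names, users, labels and objects are hypothetical.

```python
# Added illustration; every name here (Obj, check, grant, MANDATORY_DENY, ...) is hypothetical.
from dataclasses import dataclass, field

# Role-based layer: permissions attach to roles, users are assigned to roles.
ROLE_MEMBERS = {"auditors": {"carol", "dave"}}
# Mandatory layer: system-wide (label, operation) pairs that no ACL entry can override.
MANDATORY_DENY = {("secret", "write")}

@dataclass
class Obj:
    name: str
    owner: str
    label: str = "public"
    acl: dict = field(default_factory=dict)  # principal -> set of allowed operations

def principals(user):
    """The user plus every role the user is assigned to, written as 'role:<name>'."""
    return {user} | {f"role:{r}" for r, members in ROLE_MEMBERS.items() if user in members}

def check(user, op, obj):
    """Reference monitor: apply the mandatory policy first, then consult the object's ACL."""
    if (obj.label, op) in MANDATORY_DENY:
        return False  # system-wide restriction dominates whatever the ACL says
    return any(op in obj.acl.get(p, set()) for p in principals(user))

def grant(actor, principal, op, obj):
    """Discretionary rule for editing the ACL: only the object's owner may add entries."""
    if actor != obj.owner:
        return False
    obj.acl.setdefault(principal, set()).add(op)
    return True

def demo():
    report = Obj("q3-report", owner="alice")
    keys = Obj("signing-keys", owner="alice", label="secret")
    grant("alice", "bob", "read", report)            # per-user entry
    grant("alice", "role:auditors", "read", report)  # one entry covers every auditor
    grant("alice", "alice", "write", keys)           # the ACL allows it, the mandatory rule does not
    return {
        "bob_read": check("bob", "read", report),
        "bob_write": check("bob", "write", report),
        "carol_read_via_role": check("carol", "read", report),
        "eve_read": check("eve", "read", report),
        "alice_write_secret": check("alice", "write", keys),
        "bob_edits_acl": grant("bob", "bob", "write", report),
    }

if __name__ == "__main__":
    print(demo())
```

Note that the owner gets no implicit access in this sketch: every decision comes from an explicit ACL entry or from the mandatory rule.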