An Access Control List (ACL) is a simple mechanism, dating back to the 1970s and remains in widespread use for the protection of system resources of varying types (e.g., files and directories). Resources are associated with an ACL that stores lists and groups users along with their approved rights (e.g., read, write) for controlling access to those resources.
Benefits:
Drawbacks:
An Access control method where user requests to perform operations on resources are granted or denied based on attributes assigned to users, attributes assigned to resources, and a set of policies that are specified in terms of those attributes.
Benefits:
Drawbacks:
Benefits of ACLs and ABAC without their drawbacks.
When a user enters on duty or when a user's job function, authority, affiliation, or any other characteristic changes, an administrator simply assigns/reassigns the user to appropriate attributes, and corresponding ACLs are automatically created and/or updated.