The DCE ACL for a file or directory object consists of multiple ACL entries. Each ACL entry defines the operations that a different user or group can perform on the object. Each entry has the following format:
{type [key] permissions}
The elements of an entry provide the following information:
· The type specifies the kind of user or group to which the entry applies.
· The key names the specific user or group to which the entry applies. Some entries apply to predefined collections of users and so do not include a key.
· The permissions define the operations that can be performed on the object by the user or group to which the entry applies. ACLs on DCE LFS objects can include six access permissions: r (read), w (write), x (execute), c (control), i (insert), and d (delete).
An ACL entry is also used to define a mask that can be included on an ACL to limit the permissions granted by certain other entries. The following topics provide more detailed information about the various ACL entry types and keys and the permissions they can grant.
Note: Although the text of this topic refers primarily to ACL entries for users and groups, an ACL entry can apply to any principal (for example, to a server principal).
More:
ACL Entry Types for Users and Groups
ACL Entry Types for Unauthenticated Users