Access Control List (ACL) - Definition
An Access Control List (ACL) is an ordered list of rules attached to a specific system object (a file, directory, database record, or network resource) that specifies which subjects may perform which operations on that object. Each entry (ACE, Access Control Entry) names a subject (user, group, or other security principal), the actions that subject is allowed or denied, and any conditions under which the entry applies. ACLs are the mechanism through which access control policies derived from information security standards and identity and access management (IAM) practice are enforced.
The concept of ACLs appears in many technical specifications, including NFSv4 (RFC 7530), WebDAV ACL (RFC 3744), POSIX-compliant file systems (POSIX.1e - draft), and Microsoft Windows access control mechanisms (DACL and SACL). In information security management, ACLs support the access control requirements of ISO/IEC 27001:2022 and ISO/IEC 27002:2022, as well as the AC (Access Control) family in NIST SP 800-53 Rev. 5.
The Role of ACLs in Image and Video Anonymization
In image and video anonymization workflows, ACLs separate access to sensitive artifacts such as original files, anonymization masks, anonymized outputs, and processing metadata. This applies both to data preparation stages and to the operation of AI models used for face and license plate detection.
- Original vs. anonymized versions - ACLs restrict access to unprocessed frames and audio exclusively to operationally authorized roles and compliance supervisors. Quality assurance teams typically require access only to anonymized versions.
- Detection models and artifacts - In deep learning projects, access to training datasets, model weights, and inference configurations is governed by ACLs in line with the principle of least privilege. This reduces the risk of data leakage involving source data used to train face and license plate detectors.
- Export and integrations - ACLs control permissions for exporting results, publishing, and sharing, which is critical for compliance with GDPR Article 32 on security of processing.
- Audit trails - In systems that log security events, ACLs may also define the scope of auditing (e.g., SACL in Windows). In the context of Gallio PRO, logs do not include information about face or license plate detections, reducing the risk of storing personal data in operational logs.
ACL Technologies and Implementations
ACLs operate at both the system and application layers. In practice, they are commonly combined with identity services and role-based or attribute-based access control models.
- File systems and protocols - POSIX ACLs (POSIX.1e - draft), NFSv4 ACLs (RFC 7530), Windows DACL/SACL, and WebDAV ACLs (RFC 3744). These enforce permissions for files containing original and anonymized materials.
- Authorization models - RBAC and ABAC. NIST SP 800-162 defines ABAC, which is often integrated with ACLs when access conditions depend on contextual attributes such as project, sensitivity level, or on‑premise processing location.
- Identity and federation - LDAP/Active Directory, Kerberos, SAML 2.0, and OpenID Connect. Identity providers supply the identifiers referenced in ACL entries.
- Application layer - In video processing systems, ACLs define views and operations such as viewing originals, editing masks, approving batches, and exporting data. In Gallio PRO, automation covers faces and license plates only, while other objects can be masked manually in the editor—ACLs allow these tasks to be assigned to the appropriate roles.
Key Access Control Parameters and Metrics
Measurability and consistency of ACL policies are critical for compliance and operational efficiency. Below is an example ACL entry structure along with operational metrics.
| Field | Description |
|---|---|
| Subject | User, group, or service (e.g., the “Anonymization-Operator” role). |
| Resource | Object scope, e.g., /repo/originals, /repo/redacted, model://faces-vX. |
| Permission | Operations such as read, write, execute, export, approve. |
| Effect | Allow or deny, with priority defined by the implementation. |
| Condition | Contextual conditions such as time, network zone, or project attribute. |
| Expiry | Validity period of the entry, e.g., temporary access to originals. |
When designing ACLs, it is advisable to maintain a clear set of metrics that support auditing and continuous improvement.
- Policy coverage - Percentage of visual resources and models with explicitly defined ACLs.
- Segregation of duties - Number of instances where the same role can both anonymize and approve publication.
- Change implementation time - Time between requesting permission changes and their enforcement in the system.
- Justified denial ratio - Proportion of denials that were correct (the requester should not have had the access) relative to all denials. A low ratio points to missing or misconfigured entries rather than to attempted misuse, so it is a measure of policy quality.
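The four metrics above, computed over a constructed policy snapshot, change log and access log, as an added example in Python (not Gallio PRO code). The entries, ticket identifiers, log format and the working definition of a justified denial (a denial that is not followed by a later grant of the same permission to the same subject on the same resource) are assumptions made for this illustration.

```python
import re
from statistics import median
from datetime import datetime

# Constructed policy snapshot: allow entries as (subject, resource, permission).
ENTRIES = [
    ("anonymization-operator", "/repo/masks", "write"),
    ("anonymization-operator", "/repo/redacted", "write"),
    ("supervisor", "/repo/redacted", "approve"),
    ("reviewer", "/repo/redacted", "write"),     # one role both anonymizes and approves
    ("reviewer", "/repo/redacted", "approve"),
    ("qa", "/repo/redacted", "read"),
    ("ml-team", "model://faces-v3", "write"),
]
# Constructed inventory of resources that must carry an explicit ACL.
INVENTORY = ["/repo/originals", "/repo/masks", "/repo/redacted",
             "model://faces-v3", "model://plates-v2"]
# Constructed change tickets: (ticket, requested_at, enforced_at).
CHANGES = [
    ("ACL-101", "2024-05-02T09:00", "2024-05-02T11:30"),
    ("ACL-102", "2024-05-03T14:00", "2024-05-06T10:00"),
    ("ACL-103", "2024-05-07T08:15", "2024-05-07T08:45"),
]
# Constructed access log: decisions only, no detection data or personal data.
LOG = """\
2024-05-02T09:12:03Z DENY  subject=qa-4 role=qa perm=read res=/repo/originals/cam01.mp4 reason=no_entry
2024-05-02T09:40:11Z DENY  subject=op-7 role=anonymization-operator perm=export res=/repo/originals/cam01.mp4 reason=explicit_deny
2024-05-02T10:05:47Z DENY  subject=op-3 role=anonymization-operator perm=write res=/repo/masks/p42/ reason=no_entry
2024-05-02T11:35:00Z ALLOW subject=op-3 role=anonymization-operator perm=write res=/repo/masks/p42/ reason=ACL-101
"""

def policy_coverage(entries, inventory):
    """Share of inventoried resources that have at least one explicit entry."""
    covered = {res for _, res, _ in entries if res in inventory}
    return len(covered) / len(inventory)

def sod_conflicts(entries, conflicting=(("write", "approve"),)):
    """Roles holding both halves of a conflicting permission pair on the same resource."""
    held = {}
    for subj, res, perm in entries:
        held.setdefault((subj, res), set()).add(perm)
    return sorted({subj for (subj, res), perms in held.items()
                   for a, b in conflicting if {a, b} <= perms})

def change_lead_times_hours(changes):
    """Hours between a permission change request and its enforcement, per ticket."""
    return {ticket: (datetime.fromisoformat(enforced)
                     - datetime.fromisoformat(requested)).total_seconds() / 3600
            for ticket, requested, enforced in changes}

LINE = re.compile(r"^(\S+)\s+(ALLOW|DENY)\s+(.*)$")

def parse_log(text):
    """Parse 'timestamp DECISION key=value ...' lines into dicts."""
    events = []
    for raw in text.strip().splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, decision, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split())
        events.append({"ts": ts, "decision": decision, **fields})
    return events

def justified_denial_ratio(events):
    """Assumed definition: a denial is unjustified when the same subject is later
    allowed the same permission on the same resource, i.e. the entry was missing
    or wrong rather than the request. Timestamps share one format, so string
    comparison orders them correctly."""
    denials = [e for e in events if e["decision"] == "DENY"]
    if not denials:
        return 1.0
    def later_grant(d):
        return any(e["decision"] == "ALLOW" and e["ts"] > d["ts"]
                   and (e["subject"], e["perm"], e["res"]) == (d["subject"], d["perm"], d["res"])
                   for e in events)
    justified = sum(1 for d in denials if not later_grant(d))
    return justified / len(denials)

if __name__ == "__main__":
    print("policy coverage:", policy_coverage(ENTRIES, INVENTORY))
    print("SoD conflicts:", sod_conflicts(ENTRIES))
    print("median change lead time (h):", median(change_lead_times_hours(CHANGES).values()))
    print("justified denial ratio:", justified_denial_ratio(parse_log(LOG)))
```

On this snapshot, coverage is 3/5 (originals and the plate model have no explicit entry), the reviewer role is a segregation-of-duties finding, and one of the three denials was reversed by ticket ACL-101, giving a justified-denial ratio of 2/3. Each of these is a concrete follow-up item rather than a number to report.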
ACL Challenges and Limitations
ACLs provide granular control but require strong design and operational discipline. Image and video processing systems face several common challenges.
- Complexity and consistency - A growing number of ACL entries increases the risk of side effects when rules partially overlap. Regular policy reviews and RBAC patterns mapped to ACLs help mitigate this.
- Inheritance - Incorrect permission inheritance in directory hierarchies can expose original files to unauthorized users. Regression testing of policies is recommended.
- Contextual conditions - ABAC increases policy expressiveness but complicates validation. Policy-as-code testing is required.
- Auditing - If access logging is enabled, logs should not contain personal data. In Gallio PRO, face and license plate detection logs are not collected by default.
- Compliance - Policies must support data minimization and processing integrity in line with GDPR Articles 5 and 32.
ACL Use Cases in the Context of Gallio PRO
The following scenarios demonstrate practical role-to-permission mappings across stages of visual data anonymization. Gallio PRO operates on‑premise, automatically masks faces and license plates, and allows other objects to be masked manually in the editor.
- Access to original materials - Only the Data Protection Officer and designated operators have read access to the source material repository. Quality assurance teams work exclusively with anonymized versions.
- Role separation - Anonymization operators can apply masks and generate outputs but cannot approve publication. Approval is reserved for supervisory roles.
- Model access - The ML team is authorized to train and update face and license plate detectors. Production inference uses signed and approved models in read-only mode.
- Export and sharing - Only specific roles may export anonymized materials outside the on‑premise environment. ACLs block any export of original files.
- Manual editor - Authorized users can add masks to other objects (e.g., logos) in manual mode. ACLs restrict this functionality to designated projects.
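The ACL entry structure from the table in the "Key Access Control Parameters and Metrics" section and the role-to-permission mappings listed above, as an added example in Python (not Gallio PRO code): a deny-overrides, default-deny evaluator that handles inheritance down a path, ABAC-style conditions and expiry, followed by the kind of policy-as-code regression check recommended under "Inheritance" and "Contextual conditions". Role names, resource paths, the model identifier, the evaluation time and the deliberately drifted entry are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Callable, Optional

@dataclass(frozen=True)
class ACE:
    subject: str                    # role name, or "*" for every principal
    resource: str                   # path or URI; children of a path inherit the entry
    permissions: frozenset          # e.g. frozenset({"read", "export"})
    effect: str = "allow"           # "allow" or "deny"; any matching deny wins
    condition: Optional[Callable[[dict], bool]] = None   # predicate on request context
    expires: Optional[datetime] = None                    # entry ignored from this instant on

@dataclass(frozen=True)
class Request:
    roles: frozenset
    resource: str
    permission: str
    context: dict = field(default_factory=dict)

def _covers(entry_resource: str, requested: str) -> bool:
    """Exact match, or the request lies below a directory-style entry (inheritance)."""
    return requested == entry_resource or requested.startswith(entry_resource.rstrip("/") + "/")

def _matches(ace: ACE, req: Request, now: datetime) -> bool:
    if ace.subject != "*" and ace.subject not in req.roles:
        return False
    if not _covers(ace.resource, req.resource) or req.permission not in ace.permissions:
        return False
    if ace.expires is not None and now >= ace.expires:
        return False
    return ace.condition is None or bool(ace.condition(req.context))

def evaluate(policy, req: Request, now: datetime):
    """Deny overrides allow; no matching entry means deny. Returns (allowed, reason)."""
    hits = [a for a in policy if _matches(a, req, now)]
    for a in hits:
        if a.effect == "deny":
            return False, f"explicit deny: {a.subject} on {a.resource}"
    if hits:
        return True, f"allowed by: {hits[0].subject} on {hits[0].resource}"
    return False, "no matching entry (default deny)"

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed evaluation time

def onprem(ctx: dict) -> bool:
    return ctx.get("zone") == "onprem"

POLICY = [  # constructed mapping of the use cases above
    ACE("dpo", "/repo/originals", frozenset({"read"})),
    ACE("anonymization-operator", "/repo/originals", frozenset({"read"})),
    ACE("anonymization-operator", "/repo/masks", frozenset({"read", "write"})),
    ACE("anonymization-operator", "/repo/redacted", frozenset({"read", "write"})),
    ACE("qa", "/repo/redacted", frozenset({"read"})),
    ACE("supervisor", "/repo/redacted", frozenset({"read", "approve"})),
    ACE("export-manager", "/repo/redacted", frozenset({"read", "export"}), condition=onprem),
    ACE("ml-team", "model://faces-v3", frozenset({"read", "write"})),
    ACE("inference", "model://faces-v3", frozenset({"read"})),
    # temporary access for an audit, already expired at NOW
    ACE("external-auditor", "/repo/originals", frozenset({"read"}),
        expires=datetime(2024, 1, 31, tzinfo=timezone.utc)),
    # originals never leave the environment, whoever asks
    ACE("*", "/repo/originals", frozenset({"export"}), effect="deny"),
]

def check_invariants(policy, now=NOW):
    """Policy-as-code regression test of the use-case mappings; returns violations."""
    roles = sorted({a.subject for a in policy if a.subject != "*"})
    violations = []
    def expect(allowed, role, perm, resource, ctx=None):
        got, reason = evaluate(policy, Request(frozenset({role}), resource, perm, ctx or {}), now)
        if got != allowed:
            violations.append(f"{role} {perm} {resource}: expected {allowed}, got {got} ({reason})")
    expect(False, "qa", "read", "/repo/originals/2024-05/cam01.mp4")      # QA sees redacted only
    expect(True,  "qa", "read", "/repo/redacted/2024-05/cam01.mp4")
    expect(False, "anonymization-operator", "approve", "/repo/redacted/batch-17")  # SoD
    expect(True,  "supervisor", "approve", "/repo/redacted/batch-17")
    expect(False, "inference", "write", "model://faces-v3")              # production model read-only
    expect(True,  "export-manager", "export", "/repo/redacted/batch-17", {"zone": "onprem"})
    expect(False, "export-manager", "export", "/repo/redacted/batch-17", {"zone": "vpn"})
    expect(False, "external-auditor", "read", "/repo/originals/2024-05/cam01.mp4")  # expired
    for role in roles:                                                    # nobody exports originals
        expect(False, role, "export", "/repo/originals/2024-05/cam01.mp4")
    return violations

# Drift: a convenience entry granting QA read on the whole repository. Through
# inheritance it silently exposes /repo/originals; the regression check catches it.
DRIFTED = POLICY + [ACE("qa", "/repo", frozenset({"read"}))]

if __name__ == "__main__":
    print("baseline violations:", check_invariants(POLICY))
    print("drifted violations: ", check_invariants(DRIFTED))
```

The evaluator returns a reason with every decision so that denials can be classified in the audit log without recording anything about the media itself. Running the invariants against each proposed policy change, before it is enforced, is what turns the "inheritance" and "contextual conditions" items in the previous section from advice into a gate.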
Standards and References
The following bibliography includes standards and source documents used in defining and applying ACLs in secure image and video processing.
- ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection - Information security management systems - Requirements. ISO, 2022.
- ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection - Information security controls. ISO, 2022. Access control and identity management controls.
- NIST SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and Organizations. NIST, 2020. AC family - Access Control. https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
- NIST SP 800-162 - Guide to Attribute Based Access Control (ABAC). NIST, 2014. https://csrc.nist.gov/publications/detail/sp/800-162/final
- RFC 7530 - Network File System (NFS) Version 4 Protocol. IETF, 2015. ACL definitions in NFSv4. https://www.rfc-editor.org/rfc/rfc7530
- RFC 3744 - WebDAV Access Control Protocol. IETF, 2004. https://www.rfc-editor.org/rfc/rfc3744
- Microsoft Docs - Access Control Lists. Description of DACL and SACL in Windows. Microsoft, current documentation. https://learn.microsoft.com/windows/win32/secauthz/access-control-lists
- Regulation (EU) 2016/679 (GDPR) - Articles 5 and 32 - data minimization and security of processing. EUR-Lex, 2016. https://eur-lex.europa.eu/eli/reg/2016/679/oj