Added in API level 1
Deprecated in API level 33
Summary: Methods | Inherited Methods

Acl

public interface Acl
implements Owner

java.security.acl.Acl

This interface was deprecated in API level 33.
This class is deprecated and subject to removal in a future version of Java SE. It has been replaced by java.security.Policy and related classes since 1.2.

Interface representing an Access Control List (ACL). An Access Control List is a data structure used to guard access to resources.

An ACL can be thought of as a data structure with multiple ACL entries. Each ACL entry, of interface type AclEntry, contains a set of permissions associated with a particular principal. (A principal represents an entity such as an individual user or a group). Additionally, each ACL entry is specified as being either positive or negative. If positive, the permissions are to be granted to the associated principal. If negative, the permissions are to be denied.

The ACL Entries in each ACL observe the following rules:

  • Each principal can have at most one positive ACL entry and one negative entry; that is, multiple positive or negative ACL entries are not allowed for any principal. Each entry specifies the set of permissions that are to be granted (if positive) or denied (if negative).
  • If there is no entry for a particular principal, then the principal is considered to have a null (empty) permission set.
  • If there is a positive entry that grants a principal a particular permission, and a negative entry that denies the principal the same permission, the result is as though the permission was never granted or denied.
  • Individual permissions always override permissions of the group(s) to which the individual belongs. That is, individual negative permissions (specific denial of permissions) override the groups' positive permissions. And individual positive permissions override the groups' negative permissions.
The java.security.acl package provides the interfaces to the ACL and related data structures (ACL entries, groups, permissions, etc.).

The java.security.acl.Acl interface extends the java.security.acl.Owner interface. The Owner interface is used to maintain a list of owners for each ACL. Only owners are allowed to modify an ACL. For example, only an owner can call the ACL's addEntry method to add a new ACL entry to the ACL.

Summary

Public methods