What is an Access Control List (ACL)?

Most security technologies offer an either/or scheme. Either you can have access to the backend or you can't.

An Access Control Lis (ACL) allows the administrator to grant fine-grained permissions to a site. For example a user might have permission to add content to a page but not change or delete content.

Control can be set to add, change, create, delete, edit, view, import, export, manage, open and close. These permissions can be set to specific objects and not others or to a particular area and nowhere else. They can be set to a whole group or to an individual.

With an ACL a company can give its sales staff in the field access to information in the website that no one else can see. The entire website can be managed by a group with each member possessing different responsibilities thus different permissions.

Microsoft's IIS server technology acts as a gateway to a multi-layer security system or ACL. Unfortunately, it uses the NT logon manager so the only browser that can use this technology is their own, Internet Explorer.

Zope's ACL is browser transparent; that is, all browsers can use it. With Zope's ACL security even if hackers gains access to one object, they are locked out of everywhere else.