Access Control Lists

Authorization decisions depend on the following information:

privilege attributes
A set of principal and group names qualified by the cell name in which the principals and groups exist.
This information comes from the entity (client) that is attempting to perform the operation in question.

ACL privilege attribute entries
This is the ACL itself. It consists of a list of entries, each made up of an entry type, a key, and a permission set; taken together, these describe what permissions a particular entity possesses for the object to which the ACL is attached.

The ACL is looked up by the server through which the client is trying to perform the operation.

ACL mask entries
These consist of two entry_type:permissions_set pairs.

requested permissions
A permission set which describes the permissions that a client must possess in order to perform the requested operation. The server itself calculates this information.

There are two levels of semantics and policy to consider here. The first is the semantics of privilege attributes, for which we specify a strict (POSIX-compliant) policy in the form of an access checking algorithm; this is embodied in the default access checking algorithm provided by the ACL library. The second is the semantics of permissions. Ultimately these depend on the ACL manager and the kinds of objects it protects. However, some recommendations for keeping permissions as intuitive and consistent across applications as possible are offered in the following subtopic.
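As an added illustration (not code from this documentation or from the ACL library), the check below combines the four inputs listed above: the client's privilege attributes, the ACL entries, the two mask entries, and the server-computed requested permissions. The entry type names ("user", "group", "any_other"), the mask names ("mask_obj", "unauthenticated") and the POSIX-style matching order are assumptions made for the example.

```python
# Constructed ACL entry shape: (entry_type, key, permission set). The entry
# type names and mask rules below are assumptions for illustration.

def _subset(requested, granted):
    """True if every requested permission appears in the granted set."""
    return set(requested) <= set(granted)


def check_access(privattrs, acl, masks, requested):
    """Decide whether the client's privilege attributes satisfy `requested`.

    privattrs: {"principal": "cell/name" or None (unauthenticated),
                "groups": ["cell/group", ...]}
    masks:     the two mask entries, {"mask_obj": ..., "unauthenticated": ...}
    requested: permission set the server computed for the operation
    """
    principal = privattrs.get("principal")
    groups = set(privattrs.get("groups", []))

    def effective(perms, apply_mask_obj):
        # Assumed POSIX-style rule: mask_obj bounds user/group entries; an
        # unauthenticated client is further bounded by the second mask.
        eff = set(perms)
        if apply_mask_obj:
            eff &= set(masks["mask_obj"])
        if principal is None:
            eff &= set(masks["unauthenticated"])
        return "".join(sorted(eff))

    # 1. A matching "user" entry is authoritative: no fallthrough to groups.
    for etype, key, perms in acl:
        if etype == "user" and key == principal:
            return _subset(requested, effective(perms, True))

    # 2. Any matching group with sufficient masked rights grants access; if
    #    some group matched but none sufficed, deny without trying step 3.
    matched_group = False
    for etype, key, perms in acl:
        if etype == "group" and key in groups:
            matched_group = True
            if _subset(requested, effective(perms, True)):
                return True
    if matched_group:
        return False

    # 3. Catch-all entry (not bounded by mask_obj); deny if there is none.
    for etype, _key, perms in acl:
        if etype == "any_other":
            return _subset(requested, effective(perms, False))
    return False
```

Note that a mask never grants anything: it can only narrow what a matching entry would otherwise allow, which is why a "user" entry holding "rwx" under a mask of "rw" cannot satisfy a request for "x".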

More:

Permissions Semantics Recommendations