===== Setting up ACL =====

Before starting with Access Control Lists (ACL) module administration, your should read the [[documentation:rsbac_handbook:security_models:acl|ACL description]].

The ACL module has no attributes at any target. Instead, everything is done with ACLs at targets and a list of ACL groups. Rights are granted for subjects of the types user, ACL group and RC role.

Available tools are:
^ Name ^ Description ^
| rsbac_acl_menu | Menu for administration of ACLs |
| rsbac_acl_group_menu | Menu for ACL groups |
| acl_grant | Grant and revoke rights to objects, remove ACL entries |
| acl_group | ACL group administration |
| acl_mask | Get, set and backup inheritance masks |
| acl_rights | Query current access rights of a subject to some object |
| acl_rm_user | Remove user from all ACLs in the system |
| acl_tlist | List all ACL entries at a target, make ACL backups |
| linux2acl | Convert Linux groups and filesystem object modes to ACLs |

Example to grant user joe READ right to /root:
  acl_grant USER joe READ DIR /root

Show all ACLs at /root:
  acl_tlist DIR /root

\\ 
----
**Table of Contents:** [[documentation:rsbac_handbook|RSBAC Handbook]]\\
**Previous:** [[.:res|RES]]\\ 
**Next:** [[.:mac|MAC]]\\ 
**Alternative:** [[documentation:rsbac_handbook:configuration_basics:setting_up_modules|Setting up Modules]]