Access Control List (ACL) provides restrictions on who can access a particular configuration item.

When a process initiated by the user attempts to access a restricted item (which is anything with an ACL attached) the groups that the user belongs are checked against the ACL to determine if the user should be given access to the item.