Access Control Lists (ACLs) are used to describe the permitted actions
(permissions) on protected network computer system resources or objects
associated with an client or user identity. An identity may be an
individual user or group of users. The actions are used to represent the
different access methods available on a particular projected object or
resource. A new action grouping mechanism is provided which tags each
action with an action group name. The grouping of actions facilitates a
larger permission set to be defined in an ACL, whereas action permission
indicators can be reused for unique action definitions within various
action groups. This effectively extends the finite total number of
permissions available within a security system, allows a more descriptive
and extensible permission mechanism in an Access Control List, as well as
aiding in the simplification of management and definition of security
policies.