Access Control Lists: Related to permissions is the concept of the access control lists (ACL). An ACL is literally a list of who can access what resource and at what level.
It can be an internal part of an operating system or application. For example, a custom application might have an ACL that lists which users have what permissions (access levels) in that system.
An ACL can also be a physical list of who is allowed to enter a room or a building. This is a much less common definition for ACL, but it is relevant to physical security.
Related to ACLs are white lists and black lists. In fact, you could consider these to be special types of access control lists.
Essentially, a white list is a list of items that are allowed. It could be a list of websites that are okay to visit with company computers, or it could be a list of third-party software that is authorized to be installed on company computers.
Black lists are the opposite. They are lists of things that are prohibited. It could be specific websites that employees should not visit or software that is forbidden to be installed on client computers.
In the case of black lists, many companies block access to hacking websites, network scanners, and steganography tools to prevent a rogue employee from using those resources on a company network.
