What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. B. C. D.
Answer: B.
Capability tables are used to track, manage and apply controls based on the object and rights, or capabilities of a subject. For example, a table identifies the object, specifies access rights allowed for a subject, and permits access based on the user's possession of a capability (or ticket) for the object.
It is a row within the matrix.
To put it another way, a capability table is different from an ACL because the subject is bound to the capability table, whereas the object is bound to the ACL.
CLEMENT NOTE: If we wish to express this very simply: Capabilities are attached to a subject, and they describe what access the subject has to each of the objects on the row that matches with the subject within the matrix.
It is a row within the matrix.
ACLs are attached to objects; they describe who has access to the object and what type of access they have.
It is a column within the matrix.
The following are incorrect answers:
"Access control lists are subject-based whereas capability tables are object-based" is incorrect.
"Capability tables are used for objects whereas access control lists are used for users" is incorrect.
"They are basically the same" is incorrect.
References used for this question: CBK, pp. 191-192; AIO3, p. 169.
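The row and column views of the access control matrix described above, as an added example that is not part of the original question or its references. The subjects, objects and rights in MATRIX are constructed sample data, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample access control matrix: rows are subjects, columns are objects.
MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "report.pdf": {"read"}},
    "bob":   {"report.pdf": {"read", "write"}},
    "carol": {"payroll.db": {"read"}},
}

def capability_tables(matrix):
    """One table per subject (a matrix row): object -> rights."""
    return {subj: {obj: frozenset(r) for obj, r in row.items() if r}
            for subj, row in matrix.items()}

def acls(matrix):
    """One list per object (a matrix column): subject -> rights."""
    out = defaultdict(dict)
    for subj, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                out[obj][subj] = frozenset(rights)
    return dict(out)

def allowed_by_acl(acl_store, subject, obj, right):
    """Object-side check: find the object's ACL, then the subject's entry in it."""
    return right in acl_store.get(obj, {}).get(subject, frozenset())

def allowed_by_capability(cap_store, subject, obj, right):
    """Subject-side check: find the subject's table, then the object's entry in it."""
    return right in cap_store.get(subject, {}).get(obj, frozenset())

def decisions_agree(matrix):
    """Both views are derived from the same matrix, so every decision must match."""
    a, c = acls(matrix), capability_tables(matrix)
    objects = {o for row in matrix.values() for o in row}
    rights = {r for row in matrix.values() for rs in row.values() for r in rs}
    return all(allowed_by_acl(a, s, o, r) == allowed_by_capability(c, s, o, r)
               for s in matrix for o in objects for r in rights)

if __name__ == "__main__":
    print("ACL for payroll.db:", acls(MATRIX)["payroll.db"])
    print("Capabilities of alice:", capability_tables(MATRIX)["alice"])
    print("Views agree:", decisions_agree(MATRIX))
```

The ACL store answers "who can access this object?" in one lookup, while the capability store answers "what can this subject access?" in one lookup; answering the opposite question requires scanning every list or table.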
Access Control Lists (ACLs) and Capability Tables are both used for managing access control in computer systems. However, they differ in how they are used and the entities to which they are attached.
Access Control Lists (ACLs) are a commonly used mechanism for implementing access control in computer systems. ACLs are lists of permissions that specify which users or groups are allowed or denied access to specific resources such as files, folders, or network shares. The ACL is attached to the object being protected, such as a file or folder. When a user requests access to the object, the system checks the ACL to determine whether the user is allowed to access the object.
On the other hand, Capability Tables are a less commonly used access control mechanism, in which the permissions are associated with the user rather than the resource being protected. In a capability-based access control system, each user is given a set of capabilities, which are essentially permissions or rights that they can use to access resources. The capabilities are stored in a table, which is attached to the user's account. When a user requests access to a resource, the system checks the user's capabilities to determine whether they have the necessary permission to access the resource.
Therefore, the correct answer is A: Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.