Access Control Lists

Access Control Lists (ACLs) define the permissions of who is allowed to do what on certain entities. Examples include:

On these and the other entities that support ACLs, the List can have one or more entries.

For each Access Control Entry we can define which User or Group the entry describes, and then what permission is given to them. Permissions are:

  • Read - They can view.
  • Write - They can view and update.
  • Delete - They can delete.
  • Change Access Rights - They can update the ACL for this entity.

User Inheritance.

Groups are the primary way that a number of users would get access to any given entity. For example if we have an asset Y, and there is an Access Control Entry that says Group 'Editors' are allow to write, then any user that is in the 'Editors' Group will have write access.

If the user was also specifically given Delete to that asset, then they would have the ability to both write and delete.

Inheritance of ACLs.

ACLs can be inherited by Assets and Collections, if are in a Collection which has an inheritable ACL on it.


Administrators have access over and above the usual ACLs - so that they have access to everything in the system.


The user that creates an entity in iconik automatically gets full rights to the entity that they created.

Learn more