Access control entry - Files, folders, shares, registry keys, and Active Directory objects are all protected by permissions. To store the permissions, each of these elements has an access control list (ACL). An ACL is a collection of individual permissions in the form of access control entries (ACEs). Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.