Computer access control – Authorization (kb)

Authorization involves the act of defining access-rights for subjects. An authorization policy specifies the operations that subjects are allowed to execute within a system.[citation needed]

Most modern operating systems implement authorization policies as formal sets of permissions that are variations or extensions of three basic types of access:[citation needed]

Read (R): The subject can

Read file contents
List directory contents

Write (W): The subject can change the contents of a file or directory with the following tasks:


Execute (X): If the file is a program, the subject can cause the program to be run. (In Unix-style systems, the “execute” permission doubles as a “traverse directory” permission when granted for a directory.)

These rights and permissions are implemented differently in systems based on discretionary access control (DAC) and mandatory access control (MAC).