The acl token uses different formats to record information about Access Control Entries (ACEs) for a ZFS file system and about Access Control Lists (ACLs) for a legacy UFS file system.
When the acl token is recorded for a UFS file system, the praudit -x command shows the fields as follows:
<acl type="1" value="root" mode="6"/>
When the acl token is recorded for a ZFS dataset, the praudit -x command shows the fields as follows:
<acl who="root" access_mask="default" flags="-i,-R" type="2"/>