ZFSSA provides file access control through Access control lists (ACLs). An access control list is a mechanism that allows or denies access to a particular file or directory.
The ACL model provided by ZFSSA is based on the NFSv4 ACL model which is derived from the Windows ACL semantics. It is a rich ACL model that provides for fine grained access to files and directories. Every file and directory within the storage ZFSSA has an ACL and all access control decisions for both SMB and NFS go through the same algorithms for determining who is allowed or denied access to files and directories.
An ACL is composed of one or more ACEs (Access Control Entries). Each ACE contains an entry for the permissions the ACE grants or denies; who the ACE applies to and the inheritance level flags used.