What does an "access control list" (ACL) define?

An "access control list" (ACL) establishes the permissions for users to access certain resources within a computer system or network. It serves as a critical part of security management, specifying which users or system processes have the ability to interact with specific data or resources, and what actions they are permitted to perform—such as reading, writing, or executing files.

By allowing administrators to define these specific permissions, ACLs enable granular control over who can access which parts of a system and under what conditions. This approach enhances security by ensuring that only authorized users can perform actions that could potentially compromise sensitive information or system integrity.

The other options do not accurately reflect the role of an ACL: it does not pertain to the layout of a physical building, tally the number of users in a system, or specify hardware types. Instead, it is solely focused on regulating access rights, which is essential for maintaining structured and secure systems.