An access control list, or ACL, is a list of user permissions that controls access to a system resource.

An ACL specifies which users or system processes are allowed to have access to the system resource. Each ACL entry specifies a subject and an allowed operation.


MongoDB provides two types of ACL: Collection-Level Access Control and Role-Based Access Control.

Collection-Level ACL lists the administrators with privileges scoped to specific collections in the database. You can implement Collection-Level ACL by assigning user-defined roles which control the administrator’s permissions.

Role-Based ACL lists administrators who have access to the MongoDB system. If you give a user roles that add them to the Role-Based ACL, the user would have access to the database’s resources and operations.


MySQL performs two stages of ACL:

  • Stage 1: MySQL checks your identity by comparing you to the stored host and user names. Your MySQL username and client host defines your identity.
  • Stage 2: After Stage 1, MySQL checks your privileges on the MySQL database when you perform operations or send requests through your connection.


PostgreSQL can implement privileges that control the ACL properties of the PostgreSQL database. By using privileges, you will control and view the privileges of object types.


You can specify the connections that can connect to your Redis database by using the ACL feature which authenticates usernames and passwords. With your username and password, the ACL feature decides how much of the database you can access and control. The ACL feature can limit the amount of commands and keys that are accessible.