Access Control Lists

ACLs suffer from various problems: maintenance becomes more and more difficult as access rules accumulate on objects, and hierarchies and inheritance of rights make access decisions hard to calculate.

But the core problem is that the WHOLE rights vector of a user is used to determine whether access to an object should be granted. This is a clear violation of POLA (the Principle of Least Authority), because malicious code running on the user's behalf can use all of the user's rights as well.
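
The rights-vector problem described above, as an added example that is not part of the original page: a toy ACL model in Python in which a helper running as a user can read every object that user can, next to a variant that is handed a read handle for one object only. All names and data are constructed, and the closure models delegation of a single right; it is not a real isolation mechanism.

```python
# Toy model (constructed data): object -> {user: rights}
ACL = {
    "report.txt": {"alice": {"read"}},
    "ssh_key": {"alice": {"read"}},
    "payroll.db": {"bob": {"read", "write"}},
}
DATA = {
    "report.txt": "Q3 numbers",
    "ssh_key": "PRIVATE KEY (constructed)",
    "payroll.db": "salaries",
}


def acl_read(user, obj):
    """ACL decision: only the caller's identity is consulted."""
    if "read" not in ACL.get(obj, {}).get(user, set()):
        raise PermissionError(f"{user} may not read {obj}")
    return DATA[obj]


def word_count_ambient(user, target):
    """Helper running as `user`; its job is to count words in `target`.
    Returns (count, every object it was able to read along the way)."""
    reachable = []
    for obj in ACL:  # nothing limits the helper to `target`
        try:
            acl_read(user, obj)
            reachable.append(obj)
        except PermissionError:
            pass
    return len(acl_read(user, target).split()), reachable


def grant_read(user, obj):
    """The user delegates one right on one object as a read handle."""
    acl_read(user, obj)  # a user can only delegate a right they hold
    return lambda: DATA[obj]


def word_count_pola(reader):
    """Same job, but the helper holds a single handle and no identity."""
    return len(reader().split())


if __name__ == "__main__":
    print(word_count_ambient("alice", "report.txt"))
    print(word_count_pola(grant_read("alice", "report.txt")))
```

Under the ACL check the helper reaches `ssh_key` even though its task only concerns `report.txt`; with the handle it can read exactly the object it was given.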