A set of rules defining the operations (read, write, execute, etc.) that a user can perform on a resource (usually a file, but also a network address or port). The requester in question can be either a user or a system process.