Designing secure code
nDefining ACL (Access Control List) Lists:
nDetermine the resource you use
nDetermine the business defined access requirements
nDetermine the appropriate access control technology
nConvert the access requirements to access control technology