The only user interface to the ACL facility is the dcecp ACL object acl_edit. This tool edits an object's ACL, the entries of which specify the permissions to the object that may be granted to principals possessing specified privilege attributes.
The ACL API consists of routines that are prefixed with sec_acl_. This is the same API that acl_edit calls, so an ACL editor or browser that is intended to replace acl_edit would call this API. A different case is that of an application server that needs to store and retrieve application-specific, access-control information for its clients. Such an application needs to implement its own ACL manager by using the DCE ACL library. (Refer to The Access Control Lists APIs for more information on ACL managers).