To determine permissions, the ACL manager first uses the standard access-check algorithm (described in Authorization.) to determine the permissions to grant to the delegation initiator. If the requested permission is not granted, access is denied.
If the requested permission is granted, the ACL manager then checks the permissions granted to the delegates in the chain. This checking is similar to the standard access-check algorithm, but it takes into account any additional delegate permissions granted to the delegates. If the requested permission is not granted to all delegates, access is denied. If the requested permission is granted to all delegates, access is granted.