# Configure ACLs ACLs (Access Control Lists) are essential to ensure secure and controlled access to the resources managed within a Virtual File System. By properly configuring ACLs, you can precisely define **who is allowed to view, modify, or manage files and directories** - reducing the risk of unauthorized access and ensuring data integrity. ## Enabling ACLs When creating a VFS in **Data Mover** (see [Create a virtual file system](/data-mover-1.21/virtual-file-systems/create-a-virtual-file-system.md#new-virtual-file-system-window-fields)), the **Enable ACL** option must be set to **ON** in the **New Virtual File System** window. This setting is mandatory for ACL configuration and **cannot be changed later**. ### Assigning Users or Groups to a VFS To assign the **Users** or **Groups** allowed to access the VFS follow these steps: 1. **Open the ACL assignment panel**\ In the VFS results list, click the **3‑dot menu** next to the desired VFS.\ Select **Edit** to open the **Virtual File System details** page. \ To manage permissions: 1. Click the **USER** chip to manage user permissions 2. Click the **GROUP** chip to manage group permissions If you do **not** see these chips, the padlock icon is **open**: ACLs are **disabled**, and the VFS is accessible to all users and groups. 2. **Select who can access the VFS**\ A window opens with two sections: 1. **Users (or Groups) assigned to the Actor**: in this tab, you can assign **External Users** or **External Groups** associated with the Actor. 2. **Internal Users (or Groups)**: in this tab, you can assign **Internal Users** or **Internal Groups** defined at company level. Use the **drop‑down menu** to select the User or Group you want to authorize. 3. **Set VFS permissions**\ After selecting a User or Group, set their permissions by checking the relevant boxes: * **Listing** – view the content of the virtual path * **Create** – create new folders * **Delete** – delete files or folders * **Download** – download files * **Rename** – rename files or folders * **Upload** – upload files Each entry also provides a **trash icon** to remove the access rule completely. 4. Click **Save** to confirm the configuration. A summary showing the number of authorized **Users** and **Groups** appears in the VFS or Virtual Path list. When you create a **child folder** (a Virtual Path under another Virtual Path): * Its ACL configuration is **inherited** from the parent. * All permissions defined for the parent are **automatically applied** to its children. This ensures consistent and predictable access management across the entire Virtual File System structure. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-mover-1.21/virtual-file-systems/configure-a-virtual-file-system/configure-acls.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.