Access Control Entry
An ACE is a single line item within an access control list that grants or denies specific permissions to one user or group. Each ACE identifies a trustee, the rights involved, and whether they are allowed or denied. Misordered or overly broad ACEs in Active Directory are a frequent source of privilege escalation paths.