The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere.