Access Control Lists (ACLs) in the SAP ERP system can be used within the SAP PS module to restrict the access to PS data structures (WBS elements and networks). They were added in SAP ERP ECC 6.0 EhP 3. Before being able to use ACLs, they must be enabled in customizing.
For WBS elements:
SPRO → Project System → Structures → Operative Structures → Work Breakdown Structure (WBS) → Create Project Profile
SPRO → Project System → Structures → Operative Structures → Network →Settings for Networks → Maintain Network Profiles
ACLs can be enabled per project or network profile; so they will be available for projects and networks with specific profiles only. In customizing, you can also choose if ACL inheritance should be enabled (which makes a lot of sense from my point of view).
After enabling ACLs in customizing, they will be available as a tab on the header data of projects, WBS elements and/or networks. They work basically like unix file ACLs – you can assign read, write and admin (meaning read, write, delete, and the modification of the ACL itself) privileges and also restrict access completely per user, user group or organizational unit. A very useful feature that has been demanded for a while by the SAP PS users.