All operations defined on the object are grouped by the type of access to the object that they represent, and each group is named by a tag. It must be possible to specify which principals or groups of principals are authorized for specific operations, as well as which principals are explicitly denied authorization; we therefore define positive and negative access rights.
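The following added example (not part of the original text) sketches how tagged operations and positive and negative rights can be evaluated for one object. The operation names, tag names, principals and groups are constructed, and two rules the text does not state are assumed: a negative right overrides any positive right, and a request with no matching positive right is refused.

```python
from dataclasses import dataclass, field

# Constructed mapping: every operation on the object belongs to one access tag.
OPERATION_TAGS = {
    "get_contents": "read",
    "list_entries": "read",
    "put_contents": "write",
    "delete": "write",
    "set_acl": "admin",
}

@dataclass
class ObjectACL:
    # tag -> names of principals or groups holding that right
    positive: dict = field(default_factory=dict)
    negative: dict = field(default_factory=dict)

    def grant(self, tag, who):
        self.positive.setdefault(tag, set()).add(who)

    def deny(self, tag, who):
        self.negative.setdefault(tag, set()).add(who)

def is_authorized(acl, groups, principal, operation):
    """Return True if the principal may invoke the operation on the object."""
    tag = OPERATION_TAGS.get(operation)
    if tag is None:
        return False  # operation not covered by any tag: fail closed
    # Identities the principal acts under: itself plus each group it belongs to.
    identities = {principal} | {g for g, m in groups.items() if principal in m}
    # Assumption: a negative right on any identity overrides positive rights.
    if identities & acl.negative.get(tag, set()):
        return False
    # Assumption: no matching positive right means no access.
    return bool(identities & acl.positive.get(tag, set()))

def build_demo():
    """Constructed sample: staff may read and write, but bob is denied write."""
    groups = {"staff": {"alice", "bob"}, "admins": {"carol"}}
    acl = ObjectACL()
    acl.grant("read", "staff")
    acl.grant("write", "staff")
    acl.deny("write", "bob")
    acl.grant("admin", "admins")
    return acl, groups
```

The negative entry lets one member be excluded from a group grant without restructuring the group, which is the case positive rights alone cannot express.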