The ACL entry types are as follows:
object owner
Establishes permissions for the object's owner. An ACL can contain only one entry of this type.
user
Establishes permissions for a specific user in the home cell or any other cell with which your cell has a trust relationship, unless the user is specifically named in the owner ACL entry. An ACL can contain any number of entries of this type, but each entry must be unique with respect to the user it specifies.
object owner's group
Establishes permissions for members of the object owner's group, unless they are specifically named in ACL entries of entry type user or owner. An ACL can contain only one entry of this type.
group
Establishes permissions for members of a specific group in the home cell or any other cell with which your cell has a trust relationship, unless the members are specifically named in ACL entries of entry type user or owner. An ACL can contain any number of entries of this type, but each entry must be unique with respect to the group it specifies.
home cell
Establishes permissions for all other users in the ACL's home cell, unless the users are specifically named in ACL entries of entry type users, are members of a group named in an ACL with an entry type of group, or match the user(s) indicated by the object owner or object owner's group entry. An ACL can contain only one entry of this type.
cell
Establishes permissions for others in any other cell except the home cell, unless they are specifically named in ACL entries of entry type object owner or user or are members of a group named in an ACL entry of type object owner's group or group. An ACL can contain a number of entries of this type, but each entry must specify a different cell.
all other users
Establishes permissions for all others in all cells, unless they are specifically named in any other ACL entry. An ACL can contain only one entry of this type.
unauthenticated mask
Establishes maximum permissions for all unauthenticated users. Note that adding an unauthenticated mask entry with an empty permission set to an ACL is equivalent to omitting the unauthenticated mask entry from the ACL; it disallows all unauthenticated access.
general mask
Establishes maximum permissions for all user requests regardless of the permissions granted with any of the other ACL entry types, unless granted by type object owner or home cell. Note that adding a general mask entry with an empty permission set means that no permissions are allowed through the general mask; whereas, not having a general mask on the ACL imposes no restrictions on the ACL.