Files on a LionShare peer may be shared publicly or they may have access restrictions placed on them. This decision can be made on a file-by-file basis. These restrictions take the form of attributes a requester must hold, such as belonging to a particular class or being a faculty member at a particular institution. Multiple such restrictions may be placed on an individual file for fine-grained control. The list of restrictions is called an Access Control List (ACL).

ACLs are private in LionShare. When a user creates an ACL, it is stored only on the local LionShare Peer or on a nServer; it is never sent to other users, as doing so could leak sensitive information. For example, a user may want to share a file with only three other users, but he may not wish to reveal to everyone the identities of those three users.

To facilitate this privacy requirement, the ACL is stored in two parts. The complete ACL contains the list of required attributes and their required values. This is stored internally on the LionShare peer sharing the file. Publicly, only the list of required attributes is revealed; this list is stored in the file's metadata, which is public. This two-part ACL allows a user requesting a protected file to retrieve the appropriate attribute assertions from his home institution and protects the privacy of the user sharing the file.