In Windows Server, there are two types of Access Control List (ACL). These are:
In the absence of a DACL, any user can access an object. However, when a DACL is applied to an object, access to the object is controlled by Access Control Entries (ACE) in the DACL. The Windows Server DACL implements a Discretionary Access Control (DAC) model. However, if joined to an Active Directory domain, DACLs can equally well implement a Role- or Rule-Based Access Control (RBAC) model.
SACLs exist for system auditing purposes. SACLs allow administrators to track who has viewed or tried to view a file.
Reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa446597(v=vs.85).aspx