Users can access only those keys which they are authorized to access. In the current release, Safe provides ACL Based Authorization. There is an ACL corresponding to each key and ACLs are stored in a file.
<acls>
<acl>
<key>key</key>
<users>user1,user2</users>
<groups>group1,group2</groups>
</acl>
<acl>
. . .
</acl>
</acls>
It is possible to plug in additional authorization mechanisms.