An allow list controls access to a resource by explicitly iterating accepted input.

For example, a software engineer may choose to allow only alphanumeric characters as input for a username when creating an account on an website.

Compared to deny lists, this approach is generally a more secure strategy because the default action puts greater limits on potentially malicious input.