In an enterprise server environment having a uniform resource locator (URL) access management and control system. The server includes a user authentication logic to authenticate users attempting to connect to the server to access URL file and directories residing in the server. In one embodiment of the present invention, the user is provided with an identification token and a user URL access policy which allows the user's credentials to be validated and permitted access to a list of URLs in the directory server. In one embodiment of the present invention, a URL access enforcement logic uses the user's URL access policy to determine which URLs in the directory server a user may or may not access. The user's URL access policy may include an access deny or an access allow value which respectively denies or allows the user access to particular URL.