Access Control is any mechanism by which a system grants or revokes the right to access some data, or perform some action. Normally, a user must first Login to a system, using some authentication system. Next, the Access Control mechanism controls what operations the user may or may not make by comparing the User ID to an Access Control database.

Access Control systems include:

  • File permissions, such as create, read, edit or delete on a file server.
  • Program permissions, such as the right to execute a program on an application server.
  • Data rights, such as the right to retrieve or update information in a database.

Return to IT Security Concepts