Access Control

Why Trust Techopedia

What Does Access Control Mean?

Access control is a way of limiting access to a system or to physical or virtual resources. In computing, access control is a process by which users are granted access and certain privileges to systems, resources or information.

Advertisements

In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can’t be transferred provide the most security.

Techopedia Explains Access Control

For example, a key card may act as an access control and grant the bearer access to a classified area. Because this credential can be transferred or even stolen, it is not a secure way of handling access control.

A more secure method for access control involves two-factor authentication. The person who desires access must show credentials and a second factor to corroborate identity. The second factor could be an access code, a PIN or even a biometric reading.

There are three factors that can be used for authentication:

  • Something only known to the user, such as a password or PIN
  • Something that is part of the user, such as a fingerprint, retina scan or another biometric measurement
  • Something that belongs to the user, such as a card or a key

For computer security, access control includes the authorization, authentication and audit of the entity trying to gain access. Access control models have a subject and an object. The subject – the human user – is the one trying to gain access to the object – usually the software. In computer systems, an access control list contains a list of permissions and the users to whom these permissions apply. Such data can be viewed by certain people and not by other people and is controlled by access control. This allows an administrator to secure information and set privileges as to what information can be accessed, who can access it and at what time it can be accessed.

Advertisements

Related Terms

Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…