/ˈæk.sɛs kənˌtroʊl/

noun — "governing who can use resources."

Access Control is a system or methodology used to regulate which users, processes, or devices can interact with resources within computing environments, networks, or information systems. It ensures that only authorized entities are allowed to read, write, execute, or manage specific resources, thereby protecting data integrity, confidentiality, and availability.

Technically, Access Control can be implemented through various models such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). Each model defines rules or policies specifying permissions. DAC allows resource owners to assign permissions. MAC enforces policies determined by the system based on sensitivity labels. RBAC assigns permissions to roles rather than individual users, simplifying large-scale management. ABAC evaluates attributes of users, resources, and environmental conditions to make dynamic access decisions.

Core components include authentication, which verifies the identity of users or processes; authorization, which determines what operations the verified entities can perform; and auditing, which logs access attempts for compliance and forensic analysis. Access control mechanisms often integrate with cryptographic systems like EFS to enforce encryption policies at the filesystem or file level.

Operationally, when a user attempts to access a resource, the system first authenticates the identity using credentials such as passwords, tokens, or digital certificates. The access control subsystem then checks the applicable policy to determine if the requested operation is permitted. Denied operations can be logged for auditing purposes. In complex systems, access decisions may involve multiple policy checks across domains, resources, or services, sometimes using centralized directories or identity providers for coordination.

Example of access control logic (conceptual):


if user.role == 'admin' then
    permit all actions
else if user.role == 'editor' then
    permit read/write on owned files
else
    permit read-only access
end if

This example illustrates RBAC, where permissions are assigned based on the user’s role rather than the individual identity.
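A runnable Python rendering of the conceptual logic above, combined with the audit step described earlier. It is an added example, not part of the original entry. The `User`, `File` and `AccessController` names and the sample paths are assumptions; the editor branch is read literally (read/write only on files the editor owns), and any operation other than read, write, execute or manage is refused.

```python
from dataclasses import dataclass, field

# Operations the entry names: read, write, execute, manage.
ACTIONS = {"read", "write", "execute", "manage"}

@dataclass(frozen=True)
class User:          # hypothetical type; identity is assumed already authenticated
    name: str
    role: str

@dataclass(frozen=True)
class File:          # hypothetical resource with a single owner
    path: str
    owner: str

@dataclass
class AccessController:
    audit_log: list = field(default_factory=list)

    def decide(self, user: User, action: str, resource: File) -> bool:
        """Authorize one request and record the decision for auditing."""
        if action not in ACTIONS:
            allowed = False                      # unknown operation: refuse
        elif user.role == "admin":
            allowed = True                       # permit all actions
        elif user.role == "editor":
            # Literal reading of the pseudocode: read/write on owned files only.
            allowed = action in {"read", "write"} and resource.owner == user.name
        else:
            allowed = action == "read"           # read-only access
        verdict = "PERMIT" if allowed else "DENY"
        self.audit_log.append((user.name, user.role, action, resource.path, verdict))
        return allowed

    def denied(self) -> list:
        """Audit entries for refused requests, e.g. for forensic review."""
        return [entry for entry in self.audit_log if entry[-1] == "DENY"]

if __name__ == "__main__":
    # Constructed sample users and files.
    ac = AccessController()
    bob = User("bob", "editor")
    for f in (File("/docs/bob.txt", "bob"), File("/docs/alice.txt", "alice")):
        print(f.path, "write ->", ac.decide(bob, "write", f))
    print(ac.denied())
```

Every request, permitted or denied, lands in `audit_log`, so the same record serves both compliance review and forensic analysis.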

In practice, Access Control governs everything from operating system file permissions, network firewall rules, database privileges, and API endpoints to cloud resource policies. Proper implementation ensures that sensitive files, encrypted volumes (using FEK), and system resources are protected from unauthorized access while allowing legitimate workflows to proceed efficiently.

Conceptually, Access Control is like a security checkpoint for digital resources: each user or process must present credentials and be validated against rules before proceeding, preventing unauthorized interactions while enabling authorized operations smoothly.

See FEK, EFS, Encryption, Role-Based Access Control.