Security Glossary

Access Control

The methods and technologies used to determine who can access what resources, under what conditions. It's the mechanism that sits between a user and a system and decides: "Should this person be allowed to do this?"

Access control works by evaluating an individual's identity, their roles or group memberships, and any policies or rules in place. It includes both authentication (verifying who the user is) and authorization (defining what that user is allowed to access).

Common models of access control include:

  • Role-Based Access Control (RBAC): Access is granted based on job roles.
  • Discretionary Access Control (DAC): Resource owners define who can access their data.
  • Mandatory Access Control (MAC): Access is enforced through strict system rules, often in regulated environments.
  • Attribute-Based Access Control (ABAC): Access is based on attributes like department, time of day, or location.

In an SMB context, access control might mean making sure only the finance team can open accounting software, or ensuring that only managers can see certain HR records. Good access control reduces the risk of both mistakes and malicious behavior by limiting access to only what's necessary.
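The SMB scenario above, written as an added example (not code from the original page): a deny-by-default check that combines an RBAC role lookup with ABAC attribute conditions, run only after authentication has succeeded. The role names, resource names, business hours, and the `is_allowed` function are all hypothetical.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy for the SMB scenario in the text (all names hypothetical).
# RBAC part: role -> set of (resource, action) permissions.
ROLE_PERMISSIONS = {
    "finance": {("accounting_app", "open")},
    "manager": {("hr_records", "read")},
}

# ABAC part: extra attribute condition per resource; it must hold in addition to the role.
BUSINESS_HOURS = (time(8, 0), time(18, 0))
ATTRIBUTE_RULES = {
    "accounting_app": lambda user, ctx: BUSINESS_HOURS[0] <= ctx["time"] <= BUSINESS_HOURS[1],
    "hr_records": lambda user, ctx: ctx["location"] == "office",
}

@dataclass(frozen=True)
class User:
    name: str
    authenticated: bool            # outcome of the authentication step
    roles: frozenset = frozenset()

def is_allowed(user, resource, action, ctx):
    """Return (decision, reason). Anything not explicitly granted is denied."""
    if not user.authenticated:
        return False, "not authenticated"
    granted = any((resource, action) in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)
    if not granted:
        return False, "no role grants this permission"
    rule = ATTRIBUTE_RULES.get(resource)
    if rule is not None and not rule(user, ctx):
        return False, "attribute condition not met"
    return True, "granted"

if __name__ == "__main__":
    alice = User("alice", True, frozenset({"finance"}))
    bob = User("bob", True, frozenset({"manager"}))
    office_noon = {"time": time(12, 0), "location": "office"}
    remote_night = {"time": time(23, 0), "location": "remote"}
    for u, res, act, ctx in [
        (alice, "accounting_app", "open", office_noon),   # role and attributes match
        (alice, "hr_records", "read", office_noon),       # wrong role
        (bob, "hr_records", "read", remote_night),        # right role, wrong location
        (alice, "accounting_app", "open", remote_night),  # right role, outside hours
    ]:
        print(u.name, res, act, is_allowed(u, res, act, ctx))
```

Returning the reason alongside the decision lets each denial be logged with its cause, which helps when reviewing whether a rule is too broad or too strict.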
