Authentication & Authorization
High

Access Control

A method to ensure only authorized users and systems can access specific resources

Skill Paths:
Identity and Access Management, Authorization Systems, Security Fundamentals
Job Paths:
Identity and Access Management Specialist, Security Analyst, Security Engineer, IT Administrator
Relevant Certifications:
CISSP, CompTIA Security+, SANS GSEC, Microsoft Security Certifications
Content

What is Access Control?

Access control defines who or what can view or use resources in a computing environment. It is a foundational cybersecurity concept for preventing unauthorized access to systems and data.

Models of Access

  • Role-Based Access Control (RBAC)
  • Attribute-Based Access Control (ABAC)
  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)

Best Practices

  • Use least privilege
  • Regularly review permissions
  • Log and monitor access events
  • Automate access provisioning

Quick Facts

Severity Level

8/10

Main Models

RBAC, ABAC, MAC, DAC

Tools

IAM, PAM, LDAP

Purpose

Prevent unauthorized access

Example

Finance staff can't access HR systems