Access Control

Access control is a matter of who, where, and when. An access control system determines who is allowed to enter or exit, where they are allowed to exit or enter, and when they are allowed to enter or exit. Historically, this was partially accomplished through keys and locks. When a door is locked, only someone with a key can enter through the door, depending on how the lock is configured. Mechanical locks and keys do not allow restriction of the key holder to specific times or dates. Mechanical locks and keys do not provide records of the key used on any specific door, and the keys can be easily copied or transferred to an unauthorized person. When a mechanical key is lost or the key holder is no longer authorized to use the protected area, the locks must be re-keyed

In computer security ( , general access control includes authorization ( , authentication ( , access approval, and audit ( A more narrow definition of access control would cover only access approval, whereby the system makes a decision to grant or reject an access request from an already authenticated subject, based on what the subject is authorized to access. Authentication and access control are often combined into a single operation, so that access is approved based on successful authentication, or based on an anonymous access token. Authentication methods and tokens include passwords ( , bio metric scans, physical keys ( , electronic keys and devices, hidden paths, social barriers, and monitoring by humans and automated system
Access control systems provide the essential services of authorization, identification and authentication (I&A), access approval, and accountability where:citation needed (

· authorization specifies what a subject can do

· identification and authentication ensure that only legitimate subjects can log on to a system

· access approval grants access during operations, by association of users with the resources that they are allowed to access, based on the authorization policy

· accountability identifies what a subject (or all subjects associated with a user) did



Single Location

Multiple Locations