Access control system definition
An access control system is a security system that regulates who can use resources in a particular environment and prevents unauthorized persons from accessing secured physical areas or networks.
Access control systems are centralized (decisions originate at a single point) or decentralized (decisions originate from multiple points within the system). The approach depends on the specific situation.
See also: access control entry, discretionary access control, network access control, mandatory access control, risk-based access control, access management
Examples of an access control system
- Physical access control systems (PACS). Control physical access to buildings or areas within them. They use card readers, biometric systems (like fingerprint or facial recognition), key fobs, or other devices to grant or deny access.
- Logical access control systems. Control access to computer networks, system files, and data. Typical implementations include password-based authentication systems, smart cards, and biometric logins.
- Role-based access control (RBAC). Access is based on the role of the user in an organization. For example, an HR employee might have access to personnel files, but a marketing employee would not.
- Mandatory access control (MAC). Often used in very secure environments like military installations, where access is granted according to rules set by a central authority.
- Discretionary access control (DAC). The owner of the information or resource decides who gets to access it.
- Attribute-based access control (ABAC). Determined by evaluating policies based on user attributes and current environmental conditions.