Overview#Access Control (or Privilege Management) is a process in which an Authoritative Entity (Trustor) grants a permission to a Trustee.
Access Control is typically implemented within an Access Control Service
Access Control decides "Who" can do "What" on which Resources.
The action of Access Control may be referred to as Resource Provisioning
Access Control may (and probably should) use a Policy Based Management System
Access Control Importance#Access Control is the primary reason we perform all of the following activities:
Access Control Process#Access Control is defined within an Access Control Policy and enforced by a Policy Enforcement Point based on the decision from the Policy Decision Point, which has acquired information from a Policy Retrieval Point and Policy Information Points.
The term Logical Access Control originated as a counterpart to Physical Access Control.
Access Control Models describe approaches for the implementation of Access Control.
Within an LDAP server, Access Control provides a mechanism for restricting who can get access to various kinds of data within the DIT.
The Access Control provider may be used to control a number of things, including:
- Whether or not a DUA can retrieve an LDAP Entry from the DIT.
- Which attributes within the LDAP Entry the DUA is allowed to retrieve.
- Which values of an attribute the DUA is allowed to retrieve.
- The ways in which the DUA is able to manipulate the DIB of the directory.
A number of things can be taken into account when making Access Control decisions, including:
- The DN as whom the user is authenticated.
- The Authentication Method by which the client authenticated to the DSA.
- Any groups in which that user is a member.
- The contents of the authenticated LDAP Entry.
- The contents of the Target Resource LDAP Entry.
- The address of the DUA system.
- Whether or not the communication between the client and server is secure.
- The time of day and/or day of week of the attempt.
See the documentation for details on the Access Control syntax used by the LDAP Server Implementation vendor.
1. (I) ... unauthorized access.
2. (I) A process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes, or other systems) according to that policy. (See: access, access control service, computer security, Discretionary Access Control, Mandatory Access Control, Role Based Access Control.)
3. (I) /formal model/ Limitations on interactions between subjects and objects in an information system.
4. (O) "The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner." I7498-2
5. (O) /U.S. Government/ A system using physical, electronic, or human controls to identify or admit personnel with properly authorized access to a SCIF.
OpenDS, one implementation we are aware of, also provides a Privilege Management Infrastructure that can be used to control what a user will be allowed to do. One of the privileges available is the "bypass-acl" privilege, which allows the DUA holding it to bypass any restrictions that the Access Control subsystem would otherwise enforce.
WEB Access Management products are Access Control products that are specific to WEB Access Control.
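The following is an added example, not code from this page, from OpenDS or from any LDAP server implementation. It ties together the Access Control Process section (policy retrieved by a PRP, attributes gathered from PIPs, a decision made by the PDP, enforcement by the PEP) with the list of decision factors an LDAP server may consider (bind DN, Authentication Method, group membership, client address, secure connection, time of day) and the "bypass-acl" privilege described just above. Every DN, group, address, entry, rule and the rule format itself are constructed for the example; the `POLICY`, `GROUPS`, `DIT`, `Context`, `decide` and `search` names are the example's own, not any vendor's ACI syntax.

```python
"""PEP/PDP/PIP/PRP flow for LDAP-style, attribute-level access control.

Constructed example: every DN, group, address, rule and entry below is made up.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional

# ---- Policy Retrieval Point (PRP): the Access Control Policy ----------------------------
# A rule grants RIGHTS on ATTRS of entries under TARGET to a subject matching every
# condition in SUBJECT. "*" means all attributes of the entry.
POLICY = [
    {"name": "authenticated-read-public",
     "target": "ou=People,dc=example,dc=com", "attrs": {"cn", "mail"},
     "rights": {"read"}, "subject": {"authenticated": True}},
    {"name": "self-read-phone",
     "target": "ou=People,dc=example,dc=com", "attrs": {"telephoneNumber"},
     "rights": {"read"}, "subject": {"self": True}},
    {"name": "admins-full-from-corp-net-in-hours",
     "target": "ou=People,dc=example,dc=com", "attrs": {"*"},
     "rights": {"read", "write"},
     "subject": {"group": "cn=Directory Admins,ou=Groups,dc=example,dc=com",
                 "auth_method": {"sasl"}, "secure": True,
                 "client_net": "10.0.0.0/8", "hours": (8, 18)}},
]

# ---- Policy Information Point (PIP): directory data the PDP consults -------------------
GROUPS = {
    "cn=Directory Admins,ou=Groups,dc=example,dc=com":
        {"uid=alice,ou=People,dc=example,dc=com"},
}
DIT = {
    "uid=alice,ou=People,dc=example,dc=com": {
        "cn": "Alice", "mail": "alice@example.com",
        "telephoneNumber": "555-0100", "userPassword": "{SSHA}constructed"},
    "uid=bob,ou=People,dc=example,dc=com": {
        "cn": "Bob", "mail": "bob@example.com",
        "telephoneNumber": "555-0101", "userPassword": "{SSHA}constructed"},
}


@dataclass(frozen=True)
class Context:
    """What the DSA knows about the requesting DUA (the decision factors listed above)."""
    bind_dn: Optional[str]          # DN as whom the DUA authenticated; None = anonymous
    auth_method: str                # "anonymous", "simple" or "sasl"
    client_ip: str                  # address of the DUA system
    secure: bool                    # whether the connection is protected by TLS
    when: datetime                  # time of the attempt
    privileges: frozenset = frozenset()   # e.g. {"bypass-acl"}, as in OpenDS


def _subject_matches(cond: dict, ctx: Context, target_dn: str) -> bool:
    """Every condition present in the rule must hold; absent conditions are not checked."""
    if cond.get("authenticated") and ctx.bind_dn is None:
        return False
    if cond.get("self") and ctx.bind_dn != target_dn:
        return False
    if "group" in cond and ctx.bind_dn not in GROUPS.get(cond["group"], set()):
        return False
    if "auth_method" in cond and ctx.auth_method not in cond["auth_method"]:
        return False
    if cond.get("secure") and not ctx.secure:
        return False
    if "client_net" in cond and ip_address(ctx.client_ip) not in ip_network(cond["client_net"]):
        return False
    if "hours" in cond:
        start, end = cond["hours"]
        if not start <= ctx.when.hour < end:
            return False
    return True


def decide(ctx: Context, target_dn: str, right: str) -> set:
    """Policy Decision Point: the attributes of target_dn on which `right` is granted.

    Rules are permissive and additive; anything no rule grants stays denied.
    A "bypass-acl" privilege short-circuits the policy entirely, which is why
    holders of that privilege deserve the same scrutiny as directory administrators.
    """
    entry_attrs = set(DIT[target_dn])
    if "bypass-acl" in ctx.privileges:
        return entry_attrs
    granted = set()
    for rule in POLICY:
        if right not in rule["rights"] or not target_dn.endswith(rule["target"]):
            continue
        if _subject_matches(rule["subject"], ctx, target_dn):
            granted |= entry_attrs if "*" in rule["attrs"] else rule["attrs"]
    return granted & entry_attrs


def search(ctx: Context, target_dn: str) -> Optional[dict]:
    """Policy Enforcement Point for a read: hide the entry entirely when no
    attribute is readable, otherwise return only the readable attributes."""
    if target_dn not in DIT:
        return None
    readable = decide(ctx, target_dn, "read")
    if not readable:
        return None
    return {a: v for a, v in DIT[target_dn].items() if a in readable}


if __name__ == "__main__":
    bob = Context("uid=bob,ou=People,dc=example,dc=com", "simple", "192.0.2.10", False,
                  datetime(2024, 1, 1, 10, 0))
    print(search(bob, "uid=alice,ou=People,dc=example,dc=com"))  # cn and mail only
```

Two design points are worth noting. First, the PEP returns no entry at all when the PDP grants nothing, so an unauthorized DUA cannot even confirm that an entry exists; returning an empty entry would leak that. Second, the same administrator bind is granted everything over SASL, on TLS, from the corporate network, during working hours, and only `cn` and `mail` otherwise, which is how a policy can make a privileged account much less valuable to whoever obtains its credentials outside those conditions. The "bypass-acl" branch shows why such privileges need to be inventoried: the policy is never consulted for a DUA holding it.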
More Information#There might be more information for this subject on one of the following:
- API Management
- API Service Delivery
- Access Control Engine
- Access Control Entry
- Access Control List
- Access Control Models
- Access Control Policy
- Access Log
- Access Proxy
- Access Token
- Adaptive Policy-based Access Management
- Authorization Header
- Best Practices for LDAP Security
- Cloud Access Security Broker
- Context Based Access Control
- Cross-site scripting
- Data Classification
- Data Protection
- Device Inventory Service
- Digital Context
- Digital Rights Management
- Discretionary Access Control
- Enterprise Directory
- GCP ACL
- GCP IAM Policy
- GCP Identity
- GCP Storage Products
- Geneva Framework
- Glossary Of LDAP And Directory Terminology
- Google Cloud IAM
- Google Cloud Storage
- Graded Authentication
- HTTP Authentication Framework
- IDSA Integration Framework
- IMA Policies
- ISO 10181-3
- Identity Aware Proxy
- Identity Credential and Access Management
- Identity Lifecycle Management
- Identity Management
- Identity and Access Management
- JSPWiki Permission
- Java Authentication and Authorization Service
- LDAP Authentication
- Life Management Platform
- Logical Access Control
- NAM Access Manager
- NDS Authentication
- NIST.SP.800 Computer Security
- Non Permissioned System
- OAuth Scope Example
- Object ACL
- Open Policy Agent
- Oracle Access Manager
- Password Administrator
- Password Management
- Password Policy Administrator
- Payment Card Industry Data Security Standard
- Permissioned Systems
- Permissionless System
- Physical Access Control
- Policy Access Decision Management Engine
- Primary Access Token
- Privilege Conflict
- Privilege Management
- Privileged Access Management
- Privileged Account
- Protected Data
- RBAC vs ABAC
- Real Risk
- Resource Inventory Service
- Resource Provisioning
- Resource Server
- SOC 2
- Security Token Service
- Sensitive But Unclassified
- Session Management
- Subscriber Identification Module
- Technical Positions Statements
- Unvalidated redirects and forwards
- User-Managed Access
- User-centric Identity
- Vendor Relationship Management
- Web Blog_blogentry_010117_1
- Web Blog_blogentry_010317_1
- Web Blog_blogentry_030117_1
- Web Blog_blogentry_031017_1
- Web Blog_blogentry_070817_1
- Web Blog_blogentry_230717_1
- Web Blog_blogentry_280717_1
- Web Blog_blogentry_300717_1
- Zero Trust
[#1] Loosely adapted from http://en.wikipedia.org/wiki/Access_control - 2012-09-30