Access Control


Access Control (or Privilege Management) is a process where an Authoritative Entity (Trustor) who grants a permission to a Trustee

Access Control is typically implemented within an Access Control Service

Access Control is the process handling Authorization for Access to a Resource

Access Control decides "Who" can do "What" on which Resourcees

Access Control is the process of determining Authorization of a Permission.

Access Control is most concerned with controlling access to a Protected Resource and limiting Risk

The action of Access Control may be referred to as Resource Provisioning

Access Control may utilize an Access Control List (ACL)

Access Control may (and probably should) use a Policy Based Management System

Access Control Importance#

Access Control is the primary reason we perform all of the following activities:

Access Control Process#

Access Control is defined within a Access Control Policy and enforced by a Policy Enforcement Point based on the decision from the the Policy Decision Point which has acquired information from a Policy Retrieval Point and Policy Information Points.

Logical Access Control #

Logical Access Control term originated as a counter to Physical Access Control

Access Control Models #

There are many Access Control Models for implementation of Access Control.

LDAP servers#

For an LDAP server, an Access Control provides a mechanism for restricting who can get access to various kinds of data within the DIT.

The Access Control provider may be used to control a number of things, including:

A number of things can be taken into account when making Access Control decisions, including:

See the documentation for details on the Access Control syntax used by the LDAP Server Implementation vendor.

Internet Security Glossary (RFC 4949)#

Access Control is Protection of system resources against unauthorized access.

2. (I) A process by which use of system resources is regulated according to a security policy and is permitted only by authorized entities (users, programs, processes, or other systems) according to that policy. (See: access, access control service, computer security, Discretionary Access Control, Mandatory Access Control, Role Based Access Control.)

3. (I) /formal model/ Limitations on interactions between subjects and objects in an information system.

4. (O) "The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner." I7498-2

5. (O) /U.S. Government/ A system using physical, electronic, or human controls to identify or admit personnel with properly authorized access to a SCIF.


In addition to the Access Control subsystem, some implementations, OpenDS is one we are aware, also provides a Privilege Management Infrastructure that can be used to control what a user will be allowed to do. One of the privileges available is the "bypass-acl" privilege, which can be used to allow that DUA to bypass any restrictions that the Access Control subsystem would otherwise enforce.

WEB Access Management#

WEB Access Management are Access Control products that are specific to WEB Access Control.

More Information#

There might be more information for this subject on one of the following:
[#1] Loosely adapted from http://en.wikipedia.org/wiki/Access_control - 2012-09-30