Access Control

Authentication & Authorization 🔐 • Governance (GRC) 📜 • Sec+ Glossary 📖 • Difficulty: free

What is Access Control?

Access control is the process of deciding who or what is allowed to access systems, data, and resources, and what actions they are permitted to perform.

Examples

An employee can view customer records in a business application, but only managers can edit or delete them.
A user must sign in with multifactor authentication before accessing a cloud dashboard that contains sensitive company data.

Discover 🔎

Security is not only about keeping attackers out. It is also about making sure legitimate users do not receive more access than they should. Every organization has files, systems, applications, networks, rooms, and services that should not be open to everyone equally. Someone has to decide who gets in, what they can do once inside, and where the boundaries are.

That is the purpose of access control. It provides the structure that turns trust into rules. Instead of relying on assumption or convenience, the organization defines which identities can reach which resources and what actions are allowed there. Without that structure, access becomes inconsistent, excessive, and difficult to govern.

Remember: Access control is not just about blocking people. It is about assigning the right level of access to the right identities for the right reasons.

Summary 📝

Access control is the discipline of deciding and enforcing who can access resources and what they can do with them. It applies across both digital and physical environments and relies on authentication, authorization, enforcement, and review. Its main value is that it turns trust into structured, manageable rules so access is based on real need rather than assumption or convenience.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.