Access Control
Definition
Access control is the process of defining and enforcing who is allowed to access specific resources, systems, or data, and under what conditions.
Examples
- An employee can access HR documents, but not financial records, based on their role.
- A user must log in with a password and receive approval before accessing a secure server.
Overview
Access control is a fundamental concept in cybersecurity that governs how users and systems are permitted to interact with digital resources. It ensures that only authorized individuals or processes can view, modify, or use data and systems, and that those permissions align with organizational policy.
Effective access control helps enforce the principle of least privilege, restricts lateral movement in networks, and protects sensitive data from misuse or exposure. Access control is used in nearly every part of an IT environment — from operating systems and databases to cloud platforms and physical security systems.
Tip: The interactive version includes progress tracking, decks, and premium deep dives.