Access Control System
(Redirected from Permission System)
Jump to navigation
Jump to search
An Access Control System is a security system that manages access permissions to protected resources through authorization mechanisms.
- AKA: Permission System, Authorization System, Access Management System, Security Control System.
- Context:
- It can typically enforce Authentication through identity verification.
- It can typically manage Authorization via permission rules.
- It can typically implement Access Policys with security constraints.
- It can typically maintain Audit Trails using access logs.
- It can typically control Resource Access through access decisions.
- ...
- It can often provide Role-Based Access via role assignments.
- It can often support Attribute-Based Access through attribute evaluation.
- It can often enable Multi-Factor Authentication with verification layers.
- It can often implement Single Sign-On using identity federation.
- ...
- It can range from being a Simple Access Control System to being a Complex Access Control System, depending on its control sophistication.
- It can range from being a Discretionary Access Control System to being a Mandatory Access Control System, depending on its policy enforcement.
- It can range from being a Physical Access Control System to being a Logical Access Control System, depending on its resource type.
- It can range from being a Centralized Access Control System to being a Distributed Access Control System, depending on its architecture model.
- ...
- It can integrate with Identity Providers for user authentication.
- It can connect to Directory Services for user management.
- It can interface with Security Information Systems for threat detection.
- It can support Compliance Systems through audit reporting.
- It can enable Applications via security APIs.
- ...
- Example(s):
- Role-Based Access Control Systems, such as:
- Attribute-Based Access Control Systems, such as:
- Repository Access Control Systems, such as:
- Network Access Control Systems, such as:
- Physical Access Control Systems, such as:
- ...
- Counter-Example(s):
- Open System, which lacks access restriction.
- Public Resource, which lacks authentication requirement.
- Anonymous Service, which lacks user identification.
- Unrestricted Network, which lacks access control.
- Shared Password, which lacks individual accountability.
- See: Security System, Authentication, Authorization, Identity Management, Role-Based Access Control, Security Policy, Audit System.