The role of access control in computer security is quite important and is responsible for determining who is able to access certain types of information. In general, access control is a system designed to control who is able to access a system and the files or information within that system that are available to the user. There are a number of different models that can be used to create this type of system, usually dealing with the way file access is controlled by a system administrator or the users of a system. The role of access control in computer security is closely tied to authentication and authorization of users on a system.
To fully appreciate the role of access control in computer security, it is important to first understand the meaning and purpose of access control. Access control in any type of system is a method by which those who own or control a system can control who is able to gain access to it. The lock on the door of a building, for example, is a simple form of access control, designed to allow the building owner to enter it while preventing access to unauthorized individuals.
When it comes to the role of access control in computer security, this process becomes quite a bit more complicated. The purpose, however, remains the same: to allow authorized users to gain access to certain systems or files, while preventing others from doing so. Multiple systems can be utilized to allow some people to have access to part of a system, while granting greater access to other individuals.
A mandatory access control (MAC) system, for example, allows the system and the administrator or owner to control who has access to what information. This can be done in a few different ways, such as setting different roles that can access certain aspects of a system and then assigning those roles to different users. MAC systems can also provide users with access to parts of a system on an individual basis. There are also discretionary access control (DAC) systems that can be used, in which users are able to control who can access the files or data they own or control; this type of system is often used in social networking and file sharing systems.
The basic role of access control in computer security is to dictate what users qualify during authentication and authorization. Authentication is a process by which different potential users have to authenticate their identities, typically through a username and password. Once users are authenticated, then authorization can proceed, in which these identified users are granted access to certain systems. This entire process is used to create a system of access control by which users are identified and then given access to appropriate systems, while unauthorized users are not.