What Is Access Control?
Learn about the purpose of access control in managing authorization for resources, information, and data within organizations.
![[Featured image] A learner is researching access control on their laptop.](https://d3njjcbhbojbot.cloudfront.net/api/utilities/v1/imageproxy/https://images.ctfassets.net/wp1lcwdav1p1/4F35aQw6Iu0GMnY11s4P24/f9047d7ba23bba6fed0f6b6b5706b2aa/8nmk68wm6qqq9jn58883cvb8.png?w=1500&h=680&q=60&fit=fill&f=faces&fm=jpg&fl=progressive&auto=format%2Ccompress&dpr=1&w=1000)
The process of access control enables companies to ensure only authorized users have access to data, as well as determines the levels of access users have. By requiring authentication, organizations are able to limit access to confidential information such as intellectual property, personal information, or customer data. Access control is crucial when it comes to limiting cyber threats through data breaches, phishing attacks, and other attack vectors.
Importance of authentication and authorization in access control
Both authentication and authorization play an important role in the access control process. Authentication requires users to provide information to log in to a system, such as an email. Through authentication, the system is able to validate the identity of the user. The next step of authorization determines the specifics of a user's access based on the security policy, reducing the risk of fraud.
Read more: Information Technology (IT) Terms: A to Z Glossary
Common types of access control
Numerous types of access control models exist and provide different methods for managing access to information. Here are four of the most common types of access control:
Discretionary access control (DAC): Within DAC systems, all information or objects within a system have a user who owns the information and is able to assign specific access rights. Users who receive access can then choose to grant access to other users.
Mandatory access control (MAC): Mandatory access control is an especially strict system where access is determined by a system administrator. In this system, users don’t have the ability to grant access. This model is commonly used by the government, and users have varying levels of clearance or tiers.
Attribute-based access control (ABAC): Attribute-based access control manages access by evaluating numerous attributes, and it is highly flexible. ABAC considers a combination of different attributes and characteristics, as well as certain environmental conditions like the time of day.
Role-based access control (RBAC): In role-based access control systems, user access has limits that depend entirely on what is necessary based on their role within the organization. In the event a user were to change positions within an organization, the system administrator adjusts access to reflect the needs of their current role.
Related terms
Authentication
Public key
Cybersecurity
Learn more about access control with Coursera
If you’re ready to get started in information technology, consider earning a Google IT Support Professional Certificateon Coursera. Learn more about performing IT tasks and using systems such as Linux, as well as troubleshooting and debugging. With this program, you’ll learn in-demand skills to be job ready for a career in IT.
Keep reading
Coursera Staff
Editorial Team
Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.