Access Control
Access control refers to the processes that limit users’ actions and access to resources within a network.
-
Once a user (e.g., Bob) is authenticated by the system, the system must enforce restrictions on what Bob can do.
- For example, Bob should not have access to Charlie’s account information or the ability to install new software without proper authorization.
-
Authorization:
- This is the process of determining which resources a user is permitted to access and what actions they can perform.
-
Access control encompasses both authentication (verifying identity) and authorization (defining access permissions).