Employees of the organization need to access information from time to time on a network, but sometimes they lack the appropriate access to modify or read information. Therefore, they need to be granted privileges by the system administrator. Access control involves identifying individuals doing a certain job, authentication using their identification, and giving that individual allowing them to access what they need only and nothing more. In information security, this involves giving someone permission to access a network through user-name and password. It allows employees to do their job by allowing them access to computers, files, software, and other hardware.
There are several access control approaches, including; Discretionary Access Control, Role-Based Access Control, and Mandatory Access Control. In Discretionary Access Control (DAC), the business owner or the organization decide which employee is given a particular location, digitally or physically. Mandatory Access Control (MAC) is a common approach used by organizations that emphasize data classification and confidentiality. In MAC, end users are classified and permitted access via security. While the Role-Based Access Control (RBAC) approach has recently been in high demand for access control systems. The access is granted by the system administrator in RBAC systems, and is based on the individual’s role within the organization.
There are many Access Control approaches in information security because access privileges differ from one individual to another. So many approaches are there to promote the security of information and data. The Access control differs from one organization to another, the different roles in these organization contributes to the many approaches. Different Access Control approaches unique ways of accessing information, system, or network. The continuous technological advancement requires new and advanced access control approaches.