34,333
edits
Changes
no edit summary
== An Overview of Access Control ==
The term ''Access Control'' is something of an ambiguous term. To some it could be interpreted as controlling the access to a system from an external source (for example controlling the login process via which users gain access to a server or desktop system). In fact, such access control is actually referred to as ''Authentication'' or ''Idendity Identity Verification'' and is not what is meant by ''Access Control'' in this context (authentication is covered in detail in the [[Security+ - Authentication and Identity Verification|Authentication and Identity Verification]] chapter of this book).
The term ''Access Control'' actually refers to the control over access to system resources ''after'' a user's account credentials and identity have been authenticated and access to the system granted. For example, a particular user, or group of users, might only be permitted access to certain files after logging into a system, while simultaneously being denied access to all other resources.
