The IT Law Wiki


An access control service

[is a] security service that protects against a system entity using a system resource in a way not authorized by the system's security policy.[1]
provides means to ensure that resources are accessed by subjects only in an authorized manner. Resources concerned may be the physical system, the system software, applications and data. [2]


"The access control service can be defined and implemented at different levels of granularity in the TMN: at agent level, object level or attribute level. The limitations of access are laid out in access control information: the means to determine which entities are authorized to have access; what kind of access is allowed (reading, writing, modifying, creating, deleting).[3]