Computer and Access Control Terminology

Ryan Karolak
Access control is what makes network security work. Simply put, access control decides whether the use of resources and services on a computer system or network is allowed or disallowed. To understand access control, you must first be familiar with some of the terminology.

Terminology:

Actions:

Every type of access control follows the same basic process. How each step is carried out can differ, but the steps are still part of the same general process.

Identification - The review of credentials - A user enters a username

Authentication - The validation of credentials - A user enters a password

Authorization - Permission is granted - The user is allowed to log in
Access - Levels and locations for access are defined - The user is allowed to access some areas but not others

Classifying Cast Members in Security:
It's important to use consistent names when referring to the different people and resources involved in security.

Object - A resource. This is usually a file, collection, or device.

Subject - The user. This can also be a process acting on behalf of a user.

Operation - The action being performed.

Roles:

Different people have different roles and relationships to each object.

Owner - The person responsible for the object. The owner delegates security and access control as needed.

Custodian - This person will periodically review permissions and security settings.

End User - Everyone else, particularly the individual who tries to access the object.

Example:

Jen is accessing a paper called report.doc on a network. She has to sign in with her name and password. Ted is the owner of the object and has set it so that only managers can read report.doc. Gwen checks the document on occasion to make sure that only managers and no one else can read that document. Jen is a manager, so she can access the document.

Who is who in this example?

Jen is the subject because she is the user, or the "main character" in the story. She is also the end user because she is the one accessing report.doc.
The operation being performed is Jen logging in and accessing report.doc. She must identify herself with her username, then enter a password for authentication. She is authorized because her username and password are correct, and is then given access because of the permissions that were assigned by the owner.
report.doc is the object of the example because it is the resource being accessed.

Ted is the owner because he is assigning the privileges for report.doc.
Gwen is the custodian because it is her job to check the permissions of report.doc periodically.
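
The same scenario as a small access check, added here as an illustration and not part of the original article. The function names, the second user "bob", the sample passwords and the PBKDF2 password storage are all assumptions made for the example.

```python
import hashlib
import hmac
import os

def hash_password(password, salt):
    # Store a salted, slow hash instead of the password itself (assumed scheme).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password, groups):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "groups": set(groups)}

# Constructed sample data: subjects and the groups they belong to.
ACCOUNTS = {
    "jen": make_account("jen-sample-pw", ["managers"]),
    "bob": make_account("bob-sample-pw", ["staff"]),
}
# Object -> owner and the permissions the owner (Ted) assigned per operation.
OBJECTS = {"report.doc": {"owner": "ted", "acl": {"read": {"managers"}}}}

def request(username, password, operation, obj):
    """Walk the four steps; return (allowed, step where the decision was made)."""
    account = ACCOUNTS.get(username)                 # Identification
    if account is None:
        return False, "identification"
    candidate = hash_password(password, account["salt"])
    if not hmac.compare_digest(candidate, account["hash"]):   # Authentication
        return False, "authentication"
    # Authorization: credentials are valid, so the subject is logged in.
    subject_groups = account["groups"]
    # Access: compare the subject's groups with what the owner allowed.
    allowed_groups = OBJECTS.get(obj, {"acl": {}})["acl"].get(operation, set())
    return bool(subject_groups & allowed_groups), "access"

def custodian_review(obj, intended):
    """Gwen's periodic check: return every operation whose permissions drifted."""
    acl = OBJECTS[obj]["acl"]
    ops = set(acl) | set(intended)
    return {op: acl.get(op, set()) for op in ops
            if acl.get(op, set()) != intended.get(op, set())}

if __name__ == "__main__":
    print(request("jen", "jen-sample-pw", "read", "report.doc"))
    print(request("bob", "bob-sample-pw", "read", "report.doc"))
    print(custodian_review("report.doc", {"read": {"managers"}}))
```

A failed request reports the step that stopped it, which is the detail a log entry needs to tell a mistyped password apart from a user who logged in correctly but lacks permission.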
