We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What Is an Access Control Matrix?

Mary McMahon
By
Updated: May 16, 2024
Views: 18,356
References
Share

An access control matrix is a static delineation of the permissions in a computer system. It has the capacity to provide very fine grained control for particular operations and processes, and can be one component of a computer security system. Tight permissions are useless without firm controls on who and what can edit those permissions, and thus other security measures are needed as well.

Within an access control matrix, anything that a system might need to access, like a file, a piece of hardware, or a process, is known as an object. Subjects like user processes and other files that might need access have varying permissions, known as rights. The matrix lists objects along one axis and subjects along another to provide information about the varying rights assigned to different subjects. Usually the goal is to keep rights limited to reduce the risk of compromise.

For instance, a particular file might only need to be able to read another file. It will only be given reading permissions and cannot make changes to the file. Conversely, a process might need full rights to perform functions like moving files, storing data, or allowing a user to edit a word processing document. The access control matrix does not change unless a technician actively alters a setting; another example can be seen with Internet servers, where the administrator can determine the levels of permissions available to visitors through a matrix.

By limiting capability, a security administrator can reduce the risks that a compromise will occur in a system. When a problem does develop, the administrator can use the access control matrix to find out which entities had the rights necessary to do something like corrupting another file or distributing information without authorization. The tight control can also limit the damage caused by security exploits like hacks into attached external hard drives, as the hacker might not be able to do anything meaningful with that access.

Many systems come with a default access control matrix set to basic security standards. For the purpose of many users, this may be sufficient, and edits may not be advised. Editing could make the system less safe, or create access problems that might limit system functionality. When a technician does need to make changes, that person can review the system and the needs to decide on the best changes to make. If necessary, they can be rolled back to prior settings with a system restore.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Link to Sources
Mary McMahon
By Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a EasyTechJunkie researcher and writer. Mary has a liberal arts degree from Goddard College and spends her free time reading, cooking, and exploring the great outdoors.

Discussion Comments
By Charred — On Feb 21, 2012

@David09 - Personally, I found Vista to be very annoying in this regard. It seemed that every time you wanted to launch an application you were prompted and it asked you if you really wanted to launch that application.

I realize this was meant to be a security mechanism to limit unwanted processes (like viruses for example) but it got to be very irritating after a while.

Fortunately I found out I could turn off this mechanism. I prefer to initiate access control restrictions on my own, rather than having the computer assume default controls.

By David09 — On Feb 20, 2012

@Mammmood - You don’t always need formal access control systems if you want to limit edits to a particular document. Many documents let you set them as read only.

This is a feature within the document itself and I believe that it can be password protected, so that another user cannot change the setting. I’ve made both word processing and spreadsheet documents read only and it worked just fine.

I say this because I don’t think that you should bother the system administrator about every little thing. Users should get some training in how to protect their own documents. Leave the big stuff to the system administrator, like protecting entire folders or limiting who can see what parts of the network.

By Mammmood — On Feb 20, 2012

@miriam98 - I suppose that’s okay for your scenario. However in many corporate environments I’ve found that the security access control is more tightly regulated.

We have people in our workplace that can’t even get into certain folders. The administrator has blocked them out. Actually I think it’s a good thing, because there is sensitive data in these folders and you don’t want anyone just poking about and potentially overwriting or deleting data.

If we want these people to have access we can do that however; we just have to submit a request to the system administrator and get approval from our manager.

By miriam98 — On Feb 19, 2012

A good access control matrix example is found in the newer versions of Windows, which impose tight controls on who can launch what application.

I found this out the hard way when, as a software developer, I built a database application for a client. Everything was running file for awhile and then she called and told me she couldn’t launch the program.

At first I thought the trouble was that she didn’t know how to run the program. However, after checking out her system, I found that it was a permissions issue.

Windows blocked her from using that program. To fix it, I had to go into the properties panel for that file, and adjust rights and permissions. I basically gave her all rights (in effect making her an administrator) and this fixed the problem.

Mary McMahon
Mary McMahon

Ever since she began contributing to the site several years ago, Mary has embraced the exciting challenge of being a...

Learn more
Share
https://www.easytechjunkie.com/what-is-an-access-control-matrix.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.