What is the Purpose of Access Control Matrix?

Rebecca Kappel Staff asked 12 months ago

1 Answers
Rebecca Kappel Staff answered 12 months ago
An access control matrix is a table that contains both subjects and objects. Subjects usually refer to people who may need to access objects. Objects are typically files, data, or resources that subjects may need to access. They can also be a system process or a piece of hardware. The information contained in the matrix designates permissions and access levels between subjects and objects. Organizations build access control matrices to ensure authorized access and prevent intentional or unintentional unauthorized access to sensitive data.

The purpose for granting any access corresponds to the three pillars of cyber security: availability, integrity, and confidentiality. Availability measures are those that ensure that users can access a system. Issues such as hardware and software failures, network disconnections, and hacking can influence availability. Integrity refers to measures that ensure that information on a system is not altered intentionally or unintentionally. Confidentiality refers to the measures that are put in place to ensure that information is not misused and that those who are unauthorized do not access information. System administrators usually assign rights in an access control matrix, avoiding the possibility that others may tamper with it.

Organizations must have two sets of access control policies governing their two major assets. Physical assets include offices, rooms, and buildings. Logical assets include digital files and resources. 

How an Access Control Matrix Works

In a user permissions matrix, permissions are designated using these five commonly used attributes.

  • Read (R) – Read access permits the subject to open and read the file, but not to edit it in any way.
  • Write (W) – Write access allows the subject to not only read the file but to add or write new content in the file.
  • Delete (D) – Delete permissions are higher level than write permissions. Subjects with delete or edit permissions can delete files or content. 
  • Execute (E) – Execute permission allows a user to execute particular programs.
  • Dash (-) – A dash in an access control matrix indicates that the subject is prohibited from accessing the object.
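
The matrix described above, as an added example that is not part of the original answer: it parses a small table using the R/W/D/E/- attributes, answers access checks with default deny, and also lists who holds rights on one object (a per-object view that goes slightly beyond the text). The subjects, objects and cell values are constructed for illustration.

```python
VALID = "RWDE"  # attribute letters from the list above; "-" means no access

# Constructed sample matrix: first row names the objects, later rows are subjects.
SAMPLE = """\
subject   payroll.xlsx  backup.sh  audit.log
alice     RW            E          R
bob       R             -          -
svc_bkp   -             RE         W
root_adm  RWD           RWDE       RD
"""

def parse_matrix(text):
    """Return {subject: {object: set_of_rights}} from a whitespace table."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    objects = rows[0][1:]
    matrix = {}
    for subject, *cells in rows[1:]:
        if len(cells) != len(objects):
            raise ValueError(f"{subject}: expected {len(objects)} cells")
        matrix[subject] = {}
        for obj, cell in zip(objects, cells):
            rights = set() if cell == "-" else set(cell)
            if not rights <= set(VALID):  # also rejects mixes such as "R-"
                raise ValueError(f"{subject}/{obj}: bad cell {cell!r}")
            matrix[subject][obj] = rights
    return matrix

def is_allowed(matrix, subject, obj, right):
    """Default deny: an unknown subject, unknown object or a dash refuses."""
    if right not in VALID:
        raise ValueError(f"unknown right {right!r}")
    rights = set(matrix.get(subject, {}).get(obj, set()))
    if "W" in rights:
        rights.add("R")  # the text defines write access as including read
    return right in rights

def acl_for(matrix, obj):
    """Column view: every subject holding at least one right on obj."""
    return {s: "".join(c for c in VALID if c in row[obj])
            for s, row in matrix.items() if row.get(obj)}

MATRIX = parse_matrix(SAMPLE)

if __name__ == "__main__":
    print(is_allowed(MATRIX, "bob", "backup.sh", "E"))
    print(acl_for(MATRIX, "payroll.xlsx"))
```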
