Page 156 - CISSO_Prep_ Guide
Implementing Access Controls
Access controls are implemented through a variety of methods,
ranging from physical security measures such as locks and
guards to access control lists, capability tables, and directories.
Access Control Lists and Matrices
As one of the most common forms of access control for
information systems, an access control list is quite simply a list
of the rights or permissions granted to a subject for an object. In
most cases, it is a list of all objects and the permissions various
subjects have to read, write, execute or delete each object.
This can be written as a list or as a table that shows the
relationships between all the subjects and objects.
The list can also be created from the perspective of the user,
stating what rights a user has, for example, which files or
applications they can access. These are frequently called
capability tables.
A directory is a type of access control list that often groups
together users who have similar access requirements.
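The following added example (not part of the original guide) shows the same permissions from both perspectives: per-object access control lists, and the per-user capability table derived from them, with a directory supplying group membership. All user, group and file names are constructed, and the "group:" prefix is an assumption of this sketch.

```python
# Constructed sample data; every name below is hypothetical.
# Directory: groups users that share access requirements.
DIRECTORY = {"finance": {"alice", "bob"}, "admins": {"carol"}}

# ACL view (per object): principal -> permissions.
# A principal is a user name or "group:<name>" (convention assumed here).
ACLS = {
    "payroll.xlsx": {"group:finance": {"read", "write"},
                     "group:admins": {"read"}},
    "backup.sh": {"group:admins": {"read", "execute"}, "bob": {"read"}},
    "notes.txt": {"alice": {"read", "write", "delete"}},
}


def expand(principal):
    """Resolve an ACL principal to the set of users it covers."""
    if principal.startswith("group:"):
        return DIRECTORY.get(principal[len("group:"):], set())
    return {principal}


def is_allowed(acls, user, obj, perm):
    """Object-side check: walk the object's ACL; default is deny."""
    for principal, perms in acls.get(obj, {}).items():
        if user in expand(principal) and perm in perms:
            return True
    return False


def capability_table(acls, user):
    """Subject-side view: everything one user can do, per object."""
    caps = {}
    for obj, entries in acls.items():
        for principal, perms in entries.items():
            if user in expand(principal):
                # Union rights granted directly and through groups.
                caps.setdefault(obj, set()).update(perms)
    return caps


def access_matrix(acls):
    """Full subject x object table: one capability row per known user."""
    users = set()
    for entries in acls.values():
        for principal in entries:
            users |= expand(principal)
    return {u: capability_table(acls, u) for u in sorted(users)}


if __name__ == "__main__":
    for user, row in access_matrix(ACLS).items():
        print(user, {o: sorted(p) for o, p in row.items()})
```

Both views must agree: a right that appears in a user's capability row but not in the object's ACL (or the reverse) indicates an inconsistent policy store.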
Rule-Based Access Control
Firewalls are an example of a rule-based access control system.
A firewall has clear, explicit rules about what types of traffic it
will allow or disallow. These rules are then enforced on all the
traffic going through that firewall. A similar approach can be
used with access controls to a system or network. Rules that will