Glossary: Access control

This glossary covers essential cybersecurity and password management terminology, from password policies and zero-knowledge encryption to RBAC, API authentication, and compliance frameworks like GDPR and SOC 2.


Access control — the security mechanisms that regulate who can view, use, or modify resources in computing environments, determining which users, applications, or devices can access specific data, systems, or functions. Access control models include discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC).

Effective access control implements authentication to verify identity, authorization to determine permissions, and auditing to track access activities. Organizations deploy access control to protect sensitive data, prevent unauthorized access, enforce security policies, and maintain compliance with regulations.

Access request — a formal process where users request permissions to resources, applications, or data they don't currently have, typically requiring approval from resource owners or managers. Access request workflows include submission forms capturing business justification, automated routing to appropriate approvers, approval or denial decisions, and automatic provisioning upon approval.

Access requests may include time-limited access, emergency access procedures, and recertification requirements. Modern access request solutions integrate with identity management systems, support multi-level approvals, and provide dashboards tracking request status and approval metrics.

Activity log — a system that records user actions, system events, and operational activities within applications and infrastructure, providing visibility into who did what and when. Activity logs capture login events, file access, configuration changes, permission modifications, data exports, and administrative actions. Activity logs support security monitoring by identifying suspicious behavior, unauthorized access attempts, and policy violations.

Activity logging includes detailed event information, timestamps, user identification, contextual data, and integration with security information and event management (SIEM) systems for real-time monitoring and alerting.

Approval workflow — an automated process routing access requests, permission changes, or privileged operations through defined approval steps before execution, ensuring proper authorization and oversight. Approval workflows define approval chains, escalation procedures, timeout policies, and conditional routing based on risk levels or resource sensitivity. Multi-level approval workflows may require manager approval, resource owner consent, and security team review for high-risk access.

Approval workflows support compliance by documenting authorization decisions, enforce segregation of duties, prevent unauthorized access, and provide audit trails.

Audit trail — a chronological record documenting system activities, user actions, access events, and configuration changes for security monitoring, compliance, and investigation. Audit trails capture who performed actions, what was done, when events occurred, where activities happened, and why changes were made. Comprehensive audit trails track authentication attempts, permission changes, data access, privileged operations, and security events.

Organizations maintain audit trails to detect security incidents, investigate breaches, demonstrate compliance with regulations (SOC 2, HIPAA, GDPR, PCI DSS), support forensic analysis, and provide accountability.

Least privilege — a fundamental security principle requiring that users, applications, and processes receive only the minimum access permissions necessary to perform their legitimate functions. Implementing least privilege reduces attack surfaces by limiting potential damage from compromised accounts, insider threats, or application vulnerabilities.

Least privilege supports compliance requirements, prevents lateral movement during security incidents, and minimizes risks from credential compromise or privilege abuse.

Permission management — the process of defining, assigning, reviewing, and revoking access rights that determine what users can do with resources, applications, and data. Permission management encompasses creating permission structures, assigning permissions to users or roles, implementing approval workflows, conducting access reviews, and auditing permission usage.

Organizations implement permission management to enforce least privilege, prevent unauthorized access, maintain compliance, support segregation of duties, and provide audit trails. Modern permission management solutions offer automated workflows, self-service access requests, time-limited permissions, and analytics identifying permission anomalies or excessive access.

Privileged access management (PAM) — a set of security strategies and technologies for controlling, monitoring, and auditing privileged accounts with elevated permissions to critical systems and data. PAM solutions manage administrator accounts, service accounts, root access, and other high-privilege credentials that pose significant security risks if compromised.

Businesses use PAM to prevent insider threats, detect unauthorized privileged access, meet compliance requirements (PCI DSS, SOC 2, HIPAA), reduce attack surfaces, and protect against ransomware and advanced persistent threats.

Role-based access control (RBAC) — an access management approach that assigns permissions to users based on their organizational roles rather than individual identities. RBAC simplifies permission management by grouping users into roles (administrator, developer, auditor) with predefined access rights to resources and systems. Users inherit permissions from assigned roles, enabling consistent access control across applications and infrastructure.

RBAC reduces administrative overhead, minimizes errors from manual permission assignments, supports compliance through documented role definitions, and enforces the principle of least privilege.

Shared folder — a network-accessible directory where multiple users can store, access, and collaborate on files with controlled permissions determining who can view, edit, or delete contents. Shared folders enable team collaboration while maintaining security through access controls, encryption, and audit logging.

Use cases: departmental file storage, project collaboration, document management, and centralized data repositories.

Team management — the process of organizing users into groups, assigning collective permissions, and managing access rights for departments, projects, or functional teams. Team management simplifies administration by applying access policies to groups rather than individual users, enabling efficient permission management at scale. Team management features include creating team hierarchies, assigning team administrators, managing team membership, setting team-level permissions, and providing team-specific resources.

Effective team management supports collaboration while maintaining security boundaries, enables delegation of administrative tasks, streamlines access provisioning, and provides visibility into team access patterns for compliance and security monitoring.

User groups — collections of users organized by common characteristics, roles, departments, or access requirements, enabling efficient permission management through collective access assignments. User groups simplify administration by applying permissions, policies, and configurations to groups rather than individual users. Group-based access control supports role-based access control (RBAC) implementations, enables consistent security policies, reduces administrative overhead, and minimizes permission errors.

Organizations create user groups for departments (finance, engineering), functions (administrators, developers), projects, or locations. User group management includes clear naming conventions, documented group purposes, regular membership reviews, nested group support, and integration with identity providers for automated group assignment.

User provisioning — the automated process of creating, managing, and deprovisioning user accounts and access permissions across applications, systems, and resources throughout the employee lifecycle. User provisioning includes onboarding new users with appropriate access, modifying permissions when roles change, and removing access when employees leave. Automated provisioning integrates identity management systems with applications through APIs, the SCIM protocol, or directory synchronization.

Pros: reduced manual administrative tasks, consistent access policies, accelerated onboarding, compliance support through documented processes, and minimized security risks from delayed deprovisioning or excessive permissions.