Cybersecurity
Access Control
Quick Definition
The selective restriction of access to resources, ensuring that only authorised users can access specific data, systems, or facilities.
Detailed Explanation
Access control implements the confidentiality principle of the CIA Triad. It involves authentication (verifying identity), authorisation (determining permissions), and accountability (logging access for audit).
Common models include Role-Based Access Control (RBAC — permissions assigned to roles), Attribute-Based Access Control (ABAC — permissions based on attributes), and Mandatory Access Control (MAC — enforced by the system).
The principle of least privilege states that users should have only the minimum access necessary to perform their job functions.
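The following is an added example, not part of the original glossary entry: a deny-by-default authorisation check that layers an RBAC role lookup with an ABAC attribute rule, records every decision for accountability, and uses that record for a least-privilege review. The role names, the department-match rule, and the choice to require both checks are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy (RBAC): role -> permitted (action, resource kind) pairs.
ROLE_PERMISSIONS = {
    "analyst": {("read", "report")},
    "finance_admin": {("read", "report"), ("approve", "invoice"), ("delete", "invoice")},
}

@dataclass
class User:
    name: str
    roles: set
    department: str  # attribute consumed by the ABAC rule

@dataclass
class Resource:
    kind: str
    owner_department: str

def rbac_allows(user, action, resource):
    """RBAC: allowed if any of the user's roles carries the permission."""
    return any((action, resource.kind) in ROLE_PERMISSIONS.get(role, set())
               for role in user.roles)

def abac_allows(user, resource):
    """ABAC (constructed rule): user's department must match the resource's."""
    return user.department == resource.owner_department

def authorize(user, action, resource, audit_log):
    """Deny by default: both checks must pass. Every decision is logged."""
    allowed = rbac_allows(user, action, resource) and abac_allows(user, resource)
    audit_log.append((user.name, action, resource.kind, "allow" if allowed else "deny"))
    return allowed

def unused_permissions(user, audit_log):
    """Least-privilege review: granted permissions never exercised in the log."""
    granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))
    used = {(action, kind) for name, action, kind, decision in audit_log
            if name == user.name and decision == "allow"}
    return granted - used

if __name__ == "__main__":
    log = []
    alice = User("alice", {"finance_admin"}, "finance")
    invoice = Resource("invoice", "finance")
    print(authorize(alice, "approve", invoice, log))
    print(unused_permissions(alice, log))  # candidates for removal from the role
```

Permissions reported by `unused_permissions` are review candidates only; a short audit window can make a rarely used but necessary permission look unused.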
Relevant Frameworks
ISO 27001, NIST