How To Design an Access Control Matrix for Your Organization

Businessman working online

With the threat of terrorism increasing nowadays, security can't be sacrificed in our establishments, people, documents or information. Providing access control for areas or files will prevent just anyone from modifying, deleting or viewing important or highly-classified items. This restricts their meddling on things that should and does not concern them.

Modern establishments contain an intricate network of access systems, providing ID cards to their staff that can be swiped through an access reader to open an access door or access gate. Examples of establishments implementing access security systems are hotels, casinos, medical laboratories and some offices with strict policies on loitering. Putting these technologies into action requires a proper logistical foundation and careful planning put down onto paper as a diagram, flowchart, matrix, etc.

You can design your own simple access control matrix for your organization. The access matrix provides an abstract yet formal security model that sets the rights of each subject (in our discussion, the people) with respect to every object in the security system such as the access card readers. This will give a clear picture to everyone, especially the security department, as to who can access certain data in the computer or certain areas in the establishment. Here is how:

1.    You can create your design in a spreadsheet whether on paper or on your computer.

2.    Decide your "Subjects," who can use the access devices no matter how little their access is.

List everything or everyone on the first row of your spreadsheet. For the sake of our discussion, let's use two sample cases:

  • In the computer's Windows operating system, the list includes users on admin status, ordinary user and just viewers.
  • In an office that has implemented strict access controls, the list includes security personnel, management staff, and office staff.

3.    On the first column above your Subjects list, enumerate your "Objects" horizontally.

These are the access devices in your system.

  • In Windows, these are the attributes of your computer files such as hide, read-only, etc.
  • In our office setup, these can be the access readers, the card readers, the biometrics installed, the eye-dent devices, or voice-analyzers that are used to open doors or gates and grant access.

4.    The empty spaces in your spreadsheet where a certain Subject and a certain Object will meet as you trace them will contain the procedures that the specific Subject is allowed to do with regards to that specific Object. Here are some examples:

  • In our Windows case, an admin has access to everything in the computer; ordinary users can create, modify, or delete files; and viewers have read-only status and can only view items.
  • In our office environment, security personnel has access to almost all rooms so that they can do spot security checks; a Finance Manager has access to the accounting office, finance office and purchasing office only; and ordinary office staff only have access to their own department areas.

After this, your matrix is ready to be implemented into the security system. Have a systems professional help you design the infrastructures that you require for your organization. However, since your access matrix is the foundation of your security systems, make sure that your design is error-free. Furthermore, update your matrix as needed.

Technologies nowadays have developed ways to strengthen security, which is a vital issue for modern establishments. One of these is the implementation of the complicated network of access control systems, which restrict unauthorized personnel to enter restricted areas or alter documents.


Share this article!

Follow us!

Find more helpful articles: