Access control matrix

An access control matrix is a security framework that maps subjects to objects, defining the specific permissions each entity has for every resource to enforce granular access control.

An access control matrix is a fundamental security framework used in cybersecurity to define and enforce access rights across digital assets. It functions as a table that maps subjects (such as users, groups, or processes) to objects (such as files, databases, network services, or hardware resources), specifying the exact permissions each subject holds for every object. For example, a user might have read-only access to one file but full read/write privileges for another, enabling granular control over resource interactions.

Whenever a subject attempts to access an object, the system consults the matrix to make an authorization decision based on predefined policies. By precisely dictating who can perform what actions on which resources, the access control matrix upholds critical security principles such as least privilege and separation of duties. This supports data confidentiality, integrity, and availability, helping organizations protect critical infrastructure from unauthorized access and maintain a robust security architecture.
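
The matrix lookup and the separation-of-duties check described above, as an added example that is not part of the original page. The subjects, objects, rights and the conflicting pair are constructed for illustration, and treating a missing cell as deny is an assumption, since the page does not state a default.

```python
# Added example: a small access control matrix with default-deny lookups.
# All subject, object and right names are constructed for illustration.

# Rows are subjects, columns are objects, each cell is the set of rights held.
MATRIX = {
    "alice":      {"payroll.db": {"read", "write"}, "report.txt": {"read"}},
    "bob":        {"report.txt": {"read", "write"}},
    "backup-svc": {"payroll.db": {"read"}, "report.txt": {"read"}},
    "carol":      {"payments": {"submit", "approve"}},
}

# Pairs of rights that one subject should not hold on the same object
# (separation of duties). The pair itself is a constructed policy.
CONFLICTS = [("submit", "approve")]


def is_authorized(matrix, subject, obj, right):
    """Consult the matrix; a missing row or cell means deny (assumed default)."""
    return right in matrix.get(subject, {}).get(obj, set())


def column_for(matrix, obj):
    """Column view: every subject holding at least one right on obj."""
    return {s: set(row[obj]) for s, row in matrix.items() if row.get(obj)}


def sod_violations(matrix, conflicts):
    """Return cells that grant both rights of a conflicting pair."""
    found = []
    for subject, row in sorted(matrix.items()):
        for obj, rights in sorted(row.items()):
            for a, b in conflicts:
                if a in rights and b in rights:
                    found.append((subject, obj, a, b))
    return found


if __name__ == "__main__":
    # Same subject, same object, different right: read allowed, write denied.
    print(is_authorized(MATRIX, "alice", "report.txt", "read"))
    print(is_authorized(MATRIX, "alice", "report.txt", "write"))
    # Unknown subject has no row, so the request is denied.
    print(is_authorized(MATRIX, "mallory", "payroll.db", "read"))
    # Who can touch payroll.db at all (useful for a least-privilege review).
    print(column_for(MATRIX, "payroll.db"))
    # Cells that break separation of duties.
    print(sod_violations(MATRIX, CONFLICTS))
```

Reading a column answers "who can reach this object", which is the question a least-privilege review asks; reading a row answers "what can this subject reach".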