An access control matrix is a fundamental security mechanism in cybersecurity that serves as a conceptual framework for defining and enforcing access rights across digital assets. It operates as a table that maps subjects (such as users, groups, or processes) to objects (like files, databases, network services, or hardware resources), specifying the exact permissions each subject has for every object. For example, a user might have read-only access to one file but full read/write permissions for another, demonstrating the granular control this framework provides.

When an entity attempts to access a resource, the system consults this matrix to make authorization decisions based on predefined policies. By precisely dictating who can perform what actions on which resources, the access control matrix upholds critical security principles including least privilege and separation of duties. This mechanism is essential for ensuring data confidentiality, integrity, and availability, ultimately strengthening an organization's overall security posture and protecting critical infrastructure from unauthorized access.