Many Businesses use IT to manage their accounts, documents and decision-making. It is, therefore important that Access Control be implemented in Organisations to prevent unwanted modification or prying eyes from being able to commit computer crimes, such as the ones outlined in the Computer Misuse Act. Using Access Control can prevent these people and operational staff from being able to modify information that otherwise is not their place to edit. Some common implementations of Access Control could be limiting the information available to a customer about Transaction Processing Systems or Management Information Systems not allowing Managers access to manufacturer prices.
Access Control in Strategic, Tactical and Operational Management
In order to implement these features a common method of maintaining strict control is through a permissions model, where it is outlined to the computer what permissions a login has access to, such that they are able (like a file system) to edit, read or write a file or piece of information. Here are some common examples of Access Control;
- A Supermarket Employee is not able to alter the price of products.
- A Manager is not able to create new users for a MIS (Management Information System).
- A DSS (Decision Support System) is not able to commit to a higher level of privilege without presenting documentation proving that that decision is possible, a good example of this could be a bank requiring an account number to confirm that the account is active before allowing the employee to make changes or a support agent requiring a pin from a customer before being allowed to view the customers details.
The three levels of control is a common (but not de-facto) model for systems management, however often these levels of tasks can become obscured by other factors. These tasks can often be divided up among IT departments in formal organisations, such as ‘Ops’ and ‘Licencing’. The use of Access Control can be used to coordinate effective ICT teamwork on large projects and in other departments, such as accounting.