Logical Access Controls
These access modes are described generically; exact definitions and capabilities will vary from
implementation to implementation.
Readers are advised to consult their system and application documentation.
"Deleting" information does not necessarily physically remove the data from the storage media.
This can have serious implications for information that must be kept confidential.
See "Disposition of Sensitive Automated
Information," CSL Bulletin, NIST, October 1992.
include the following:
Read access provides users with the capability to view information in a system resource (such
as a file, certain records, certain fields, or some combination thereof), but not to
as delete from, add to, or modify in any way.
One must assume that information can be
copied and printed if it can be read (although perhaps only manually, such as by using a print
screen function and retyping the information into another file).
Write access allows users to add to, modify, or delete information in system resources (e.g.,
files, records, programs).
Normally, users have read access to anything they have write access to.
Execute privilege allows users to run programs.
Delete access allows users to erase system resources (e.g., files, records, fields, programs).
Note that if users have write access but not delete access, they could overwrite the field or
file with gibberish or otherwise inaccurate information and, in effect, delete the information.
Other specialized access modes (more often found in applications) include:
Create access allows users to create new files, records, or fields.
access allows users to list the files in a directory.
Of course, these criteria can be used in conjunction with one another.
For example, an
organization may give authorized individuals write access to an application at any time from
within the office but only read access during normal working hours if they dial in.
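The combined location-and-time policy from the example above, written out as an added Python illustration (it is not part of the original text). The location labels, the 08:00 to 18:00 definition of normal working hours, and all names in the code are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from enum import Flag, auto
from typing import Optional, Tuple


class Mode(Flag):
    NONE = 0
    READ = auto()
    WRITE = auto()


@dataclass(frozen=True)
class Rule:
    location: str                                # where the session originates
    modes: Mode                                  # access modes this rule grants
    hours: Optional[Tuple[time, time]] = None    # [start, end); None = any time

    def applies(self, location: str, now: time) -> bool:
        if location != self.location:
            return False
        if self.hours is None:
            return True
        start, end = self.hours
        return start <= now < end


# Assumed values: location labels and 08:00-18:00 as "normal working hours".
POLICY = [
    Rule("office", Mode.READ | Mode.WRITE),                 # any time, in the office
    Rule("dial-in", Mode.READ, (time(8, 0), time(18, 0))),  # read only, working hours
]


def granted_modes(location: str, now: time, policy=POLICY) -> Mode:
    """Union of modes from every matching rule; no match means no access."""
    granted = Mode.NONE
    for rule in policy:
        if rule.applies(location, now):
            granted |= rule.modes
    return granted


def is_allowed(requested: Mode, location: str, now: time) -> bool:
    """Allow only if every requested mode is granted (default deny)."""
    granted = granted_modes(location, now)
    return requested != Mode.NONE and (requested & granted) == requested
```
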
Depending upon the technical mechanisms available to implement logical access control, a wide
variety of access permissions and restrictions are possible.
No discussion can present all
Policy: The Impetus for Access Controls
Logical access controls are a technical means of implementing
Policy is made by