Menu Close

Access Control

Access Control enables you to control who has access to your premises

Locks and keys allow you to secure your site, but if keys get lost or stolen, the problem of changing locks and keys can be expensive and time consuming. Keys may also be copied without your knowledge causing even more security issues. Electronic access control provides the most efficient and convenient way of securing your building and assets. Installing an access control system means that you will never have to change a lock again. Tokens and or PIN codes are issued to allow access through the controlled doors, and are easily barred from the system if they are lost, stolen or just not returned by someone who leaves your company. Barred tokens will not allow access through the controlled doors.

Once an access control system is installed, all doors controlled by the system will automatically lock when the door is closed. Anyone without a PIN or access token is unable to enter. If necessary, doors may be set to unlock during a designated time frame. Access control can also offer flexible control over users’ access rights. For example, all staff can gain access through the main door of a building, but access to internal areas may be restricted to those who have a specific need to be there. Access may also be restricted by time, only granting access to particular users at certain times of day or night.

We Install Net2 Net2 Plus Net2 Anywhere Paxlock Net2 Entry Switch2 Mifare

The access token contains a SID that identifies the user associated with the thread and SIDs that identify the groups whose members include the user.

The security descriptor contains a DACL with ACEs that specify the access rights allowed or denied to specific users or groups.

The security subsystem checks the object’s DACL, looking for ACEs that apply to the user and group SIDs from the thread’s access token. It steps through each ACE until it finds one that either allows or denies access to the user or one of the user’s groups, or until there are no more ACEs to check. If it comes to the end of the DACL and the thread’s desired access is still not explicitly allowed or denied, the security subsystem denies access to the object. Figure 12.1 illustrates this process.

Figure 12.1 Validating a Request for Access

The order in which ACEs are listed in a DACL is important. For example, an object’s DACL might contain one ACE that allows access to a group and another ACE that denies access to a user who is a member of the group. If access-checking reaches the ACE that allows access to the user’s group before it reaches the ACE that denies access to the user, the user is allowed to access the object. This is clearly not a desirable outcome.

In general, ACEs are listed in what is called canonical order, which places deny ACEs before allow ACEs. When the canonical order is used, an access check processes all ACEs that deny access before any ACE that allows access.

We welcome the challenge of providing a solution to your unusual applications so contact us to discuss your requirements or ideas.