access-control - Concepts
Explore concepts tagged with "access-control"
Total concepts: 18
Concepts
- Role-Based Access Control - Access control method that assigns permissions to roles rather than individuals, simplifying security management.
- Insider Threat - Security risks originating from people within an organization who misuse their authorized access.
- Four Eyes Principle - Control mechanism requiring two people to approve critical actions, preventing unilateral decisions.
- Need-to-Know Principle - Security principle restricting information access to only those who require it for their specific duties.
- API Key - A secret token issued by a service to identify and authenticate the caller of an API request.
- Key Rotation - The practice of periodically replacing cryptographic or API keys with new ones to limit the impact of undetected compromise.
- Authorization - The process of determining what actions or resources an authenticated entity is permitted to access.
- Separation of Duties - Security principle requiring multiple people to complete critical tasks, preventing fraud and errors by one individual.
- Least Privilege - The principle of giving users and systems only the minimum access rights needed to perform their tasks.
- Secrets Management - The practice and tooling for safely storing, distributing, accessing, and auditing application secrets like API keys, database passwords, and tokens.
- Key Management - The discipline of generating, storing, distributing, rotating, and retiring cryptographic and API keys safely across their entire lifecycle.
- Multi-Factor Authentication - A security method requiring two or more verification factors to prove identity before granting access.
- Zero Trust - Security model that requires strict verification for every user and device, regardless of network location.
- Confused Deputy - A security vulnerability where a trusted program is tricked into misusing its authority on behalf of an attacker.
- Authentication - The process of verifying the identity of a user, device, or system before granting access.
- Two-Factor Authentication - A security process requiring exactly two different authentication factors to verify identity before granting access.
- Privilege Escalation - Exploiting vulnerabilities to gain higher access levels than originally authorized.
- OAuth - An open standard for delegated authorization that lets users grant third-party applications scoped access to their accounts without sharing passwords.