System administrators, help desk personnel and other information technology (IT) workers need access to computer systems that they support. However, occasionally they modify installed programs, data, or configurations, which damages the computer system or the programs or the data it contains, or is otherwise not beneficial. Known techniques limit the types of commands that such personnel are authorized to perform. For example, a help desk personnel without admin or root authority typically cannot change access permission of himself or herself or another IT worker. Some access control is based on an access control table which lists which applications or data files each authorized person can access and whether the access is to write or read only. It was known to limit access based on time of day, for example, during the normal shift hours of the authorized personnel.
Access control to a sensitive IT environment is also controlled to prevent intentional attacks/intrusions while allowing authorized people access. In order to properly manage business critical services, IT systems and services are locked down during specific times (e.g., during a peak business season). Locking down a system may employ change control, access control, monitoring control, hardening control, and/or event control and response. Existing automated access control systems provide conjoint access control (e.g., biometric authentication via a thumb print scan and a retina scan) and can utilize both physical and logical identity management techniques.
Mike Meyers' CISSP Certification Passport, Chapter 2—Access Control, by Shon Harris, 2002 teaches access control models and access control techniques. The access control models include discretionary access control (DAC) models, mandatory access control (MAC) models, and role-based access control (RBAC) (i.e., nondiscretionary) models. A DAC model allows owners of resources in an organization to control who accesses the resources and what operations can be performed on the resources, and is typically implemented through access control lists that grant permission to access the resources on a need-to-know basis. A user's access to resources in a DAC model is based entirely on the identity of the user or a role that the user plays within the organization. A MAC model compares a subject's clearance and need-to-know to a classification of a resource to either grant or disallow access to the resource. Every resource in a MAC model has a security label, which includes classification information (e.g., top secret, secret, etc.). In order to access a resource, the subject's clearance must be equal to or greater than the resource's classification. The security label also includes categories for which a subject must have a need-to-know before access to the resource can be granted. An RBAC model makes decisions about granting access to resources based on the rights and permissions assigned to a role or a group. Administrators create roles or groups and assign access rights and permissions to each role or group, instead of directly to the user. A user that is placed into a role inherits the permissions and access rights from the role. Different access control techniques work within the aforementioned models, and include restricted interfaces, access control matrices, and content-dependent access control. One type of restricted interface utilizes a user profile to dictate what icons, menus, applications, commands, and functionality is available within the user's environment. Another type of restricted interface is a database view, which shows a user only the information within a database that the user has access rights to view. Yet another type of restricted interface is a physically constrained interface of a system (e.g., automated teller machine) which presents users with buttons only for specific functions, without allowing access to other capabilities of the system. An access control matrix uses a capability table and an access control list to associate access permissions of a user to a resource. Content-dependent access control grants access to a resource based on the specific content of the resource that a user is trying to access. The above-mentioned access control models and techniques can utilize more granular access control types: (1) physical location (i.e., allow a user to access a resource only if the user has interactively logged in to a computer to indicate that the user is physically at a computer and not logged in remotely); (2) logical location (i.e., restrict access to a resource by an IP address, which is a logical location on a network); (3) time of day (i.e., allow access to a resource between specific hours of the day and specific days of the week); and/or (4) transaction type (i.e., restrict access to a resource based on the type of an operation that is requested to be carried out).