
Access control matrix in Operating Systems - Full Explanation

Introduction
Imagine you have a big office with many rooms and many employees. You need a clear way to decide who can enter which room and what they can do there. An access control matrix solves this problem by organizing permissions between users and resources.
Explanation
Structure of Access Control Matrix
The access control matrix is like a table where each row represents a user or subject, and each column represents a resource or object. The cells in the table show what actions a user can perform on a resource, such as read, write, or execute.
The matrix clearly maps users to their allowed actions on resources.
Subjects and Objects
Subjects are active entities like users or processes that request access. Objects are passive entities like files, devices, or databases that need protection. The matrix connects subjects to objects with specific permissions.
Subjects request access, and objects are the protected resources.
Permissions or Rights
Permissions define what actions a subject can perform on an object. Common permissions include read, write, and execute. The matrix stores these permissions in each cell to control access precisely.
Permissions specify allowed actions between subjects and objects.
Implementation Approaches
The access control matrix can be implemented in two main ways: access control lists (ACLs) and capability lists. ACLs list permissions per object, while capability lists list permissions per subject. Both represent the same information differently.
ACLs and capability lists are two ways to realize the matrix.
Real World Analogy

Think of a hotel with many rooms and guests. Each guest has a key card that opens certain rooms. The hotel manager keeps a chart showing which guest can enter which room and what they can do inside, like use the minibar or access the safe.

Structure of Access Control Matrix → The hotel manager's chart showing guests (users) and rooms (resources) with allowed actions.
Subjects and Objects → Guests as subjects who want access, and rooms as objects to be protected.
Permissions or Rights → Key card permissions like opening the door or using the minibar.
Implementation Approaches → Different ways the hotel tracks access: a list per room (ACL) or a list per guest (capability list).
Diagram
┌─────────────┬─────────────┬─────────────┬─────────────┐
│             │ File A      │ File B      │ Printer     │
├─────────────┼─────────────┼─────────────┼─────────────┤
│ User 1      │ read, write │ read        │ execute     │
├─────────────┼─────────────┼─────────────┼─────────────┤
│ User 2      │ read        │             │ execute     │
├─────────────┼─────────────┼─────────────┼─────────────┤
│ User 3      │             │ write       │             │
└─────────────┴─────────────┴─────────────┴─────────────┘
This diagram shows a table where users are rows, resources are columns, and each cell lists the permissions users have on resources.
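The matrix in the diagram above, stored sparsely and projected both ways described under Implementation Approaches: one ACL per object and one capability list per subject. This is an added example, not part of the original page; the function names are hypothetical, and treating an empty cell as "deny" is an assumption.

```python
from collections import defaultdict

# Only non-empty cells from the diagram are stored: (subject, object) -> rights.
MATRIX = {
    ("User 1", "File A"): {"read", "write"},
    ("User 1", "File B"): {"read"},
    ("User 1", "Printer"): {"execute"},
    ("User 2", "File A"): {"read"},
    ("User 2", "Printer"): {"execute"},
    ("User 3", "File B"): {"write"},
}

def build_acls(matrix):
    """Column view: object -> {subject: rights}, kept with the object."""
    acls = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acls[obj][subject] = frozenset(rights)
    return dict(acls)

def build_capabilities(matrix):
    """Row view: subject -> {object: rights}, held by the subject."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = frozenset(rights)
    return dict(caps)

def allowed_by_acl(acls, subject, obj, right):
    # A missing object or subject entry is an empty cell, so access is denied.
    return right in acls.get(obj, {}).get(subject, frozenset())

def allowed_by_capability(caps, subject, obj, right):
    return right in caps.get(subject, {}).get(obj, frozenset())

def views_agree(matrix):
    """Both projections must give the matrix's answer for every cell and right."""
    acls, caps = build_acls(matrix), build_capabilities(matrix)
    subjects = {s for s, _ in matrix}
    objects = {o for _, o in matrix}
    rights = set().union(*matrix.values())
    return all(
        allowed_by_acl(acls, s, o, r) == allowed_by_capability(caps, s, o, r)
        == (r in matrix.get((s, o), set()))
        for s in subjects for o in objects for r in rights
    )

if __name__ == "__main__":
    print(build_acls(MATRIX)["File B"])          # who may touch File B
    print(build_capabilities(MATRIX)["User 2"])  # what User 2 may touch
```

The ACL view answers "who can access this object?" in one lookup, while the capability view answers "what can this subject access?" in one lookup; the other question requires scanning every list.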
Key Facts
Access Control Matrix: A table mapping subjects to objects with their allowed permissions.
Subject: An active entity like a user or process requesting access.
Object: A resource like a file or device that needs protection.
Permission: An allowed action such as read, write, or execute.
Access Control List (ACL): A list of permissions attached to an object showing who can access it.
Capability List: A list of permissions attached to a subject showing what it can access.
Common Confusions
Believing the access control matrix is always stored as a full table in memory. The matrix is a conceptual model; practical systems use ACLs or capability lists to store permissions efficiently.
Thinking subjects and objects are the same. Subjects are active entities requesting access, while objects are passive resources being accessed.
Summary
The access control matrix organizes who can do what to which resource in a clear table format.
Subjects are users or processes, objects are resources, and permissions define allowed actions.
ACLs and capability lists are practical ways to implement the matrix in real systems.