0
0
Operating Systemsknowledge~10 mins

Access control matrix in Operating Systems - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualPracticeChallengeProjectRecallTime
Concept Flow - Access control matrix
Start
Define Subjects
Define Objects
Create Matrix
Assign Rights
Check Access Request
Allow or Deny Access
End
The access control matrix starts by defining who (subjects) and what (objects) are involved, then creates a matrix assigning rights, and finally checks access requests to allow or deny actions.
Execution Sample
Operating Systems
Subjects = ['Alice', 'Bob']
Objects = ['File1', 'File2']
Matrix = {
  'Alice': {'File1': ['read', 'write'], 'File2': ['read']},
  'Bob': {'File1': ['read']}
}
This sets up an access control matrix showing which subjects have which rights on which objects.
Analysis Table
StepActionSubjectObjectRights CheckedAccess Decision
1Check if Alice can write File1AliceFile1writeAllow
2Check if Bob can write File1BobFile1writeDeny
3Check if Alice can read File2AliceFile2readAllow
4Check if Bob can read File2BobFile2readDeny
5Check if Alice can execute File1AliceFile1executeDeny
6Check if Bob can read File1BobFile1readAllow
7End of access checks----
💡 All access requests checked; decisions made based on rights in the matrix.
State Tracker
VariableStartAfter Step 1After Step 2After Step 3After Step 4After Step 5After Step 6Final
Subjects['Alice', 'Bob']['Alice', 'Bob']['Alice', 'Bob']['Alice', 'Bob']['Alice', 'Bob']['Alice', 'Bob']['Alice', 'Bob']['Alice', 'Bob']
Objects['File1', 'File2']['File1', 'File2']['File1', 'File2']['File1', 'File2']['File1', 'File2']['File1', 'File2']['File1', 'File2']['File1', 'File2']
Matrix{'Alice': {'File1': ['read', 'write'], 'File2': ['read']}, 'Bob': {'File1': ['read']}}{...}{...}{...}{...}{...}{...}{...}
Access Decision-AllowDenyAllowDenyDenyAllowCompleted
Key Insights - 3 Insights
Why does Bob get denied write access to File1 even though he can read it?
Because the matrix only grants Bob the 'read' right on File1, not 'write'. The execution_table rows 2 and 6 show this difference clearly.
What happens if a subject requests a right not listed in the matrix for an object?
The access is denied, as shown in step 5 where Alice requests 'execute' on File1 but only has 'read' and 'write' rights.
Are the subjects and objects changed during access checks?
No, subjects and objects remain constant throughout the process, as shown in the variable_tracker where their values do not change.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table at step 4. What is the access decision for Bob reading File2?
AAllow
BNot checked
CDeny
DError
💡 Hint
Check the 'Access Decision' column in execution_table row 4.
At which step does Alice get denied access for a requested right?
AStep 3
BStep 5
CStep 1
DStep 6
💡 Hint
Look for 'Deny' in the 'Access Decision' column for Alice in execution_table.
If Bob was given 'write' rights on File1 in the matrix, what would change in the execution_table?
AStep 2 would change to Allow
BStep 4 would change to Allow
CStep 6 would change to Deny
DNo changes
💡 Hint
Compare step 2 where Bob is denied write access to File1.
Concept Snapshot
Access Control Matrix:
- Rows = Subjects (users/processes)
- Columns = Objects (files/resources)
- Cells = Rights (read, write, execute)
- Check access by looking up subject-object-right
- Allow if right exists, else deny
Full Transcript
An access control matrix is a way to manage who can do what with resources. We list subjects (like Alice and Bob) and objects (like File1 and File2). Then we create a matrix that shows which rights each subject has on each object. When a subject requests access, we check the matrix. If the right is there, access is allowed; if not, it is denied. This process is shown step-by-step in the execution table, with variable states tracked to show no changes to subjects or objects during checks.