In the fields of physical security and information security, access contro lis the selective restriction of access to a place orothe rresource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization（授权）．
An access control mechanism(1) between a user (or a process executing on behalf of a user) and system resources, such as applications,operating systems,firewalls,routers,files,and databases.The system must first a uthenticate（验证）a user seeking access.Typically the authentication function determines whether the user is（2 ）to access the system at all. Then the access control function determines if the specific requested access by this user is permitteD. A security administrator maintains an authorization database that specifies what type of access to which resources is allowed for this user. The access control function consults this database to determine whether to（3 ）access. An auditing function monitors and keeps a record of user accesses to system resources.
In practice,a number of（4 ）may cooperatively share the access control function. All operating systems have at least arudimentary（基本的）,and in many cases aquite robust,access control component.Add-on security packages can add to the（5 ）access control capabilities of the OS. Particular applications orutilities, such as a database management system, also incorporate access control functions. External devices,such as firewalls, can also provide access control services.