📘 Topic: Access Management

Subject: Information Technology Infrastructure

---

1. 📌 Introduction

In IT systems, many users access applications, databases, and networks. Not all users should have the same level of access. Some can only view data, while others can modify or delete it.

👉 To control this properly, organizations use Access Management as part of security and identity systems.

---

2. ✅ Definition

Access Management is the process of granting, controlling, and monitoring user access to IT systems, applications, and data based on their identity and role.

👉 Simple idea: It ensures “only authorized users can access specific resources.”

---

3. 🎯 Objectives of Access Management

• Prevent unauthorized access
• Protect sensitive data
• Ensure correct user permissions
• Improve system security
• Enforce organizational policies

---

4. 🧩 Core Functions of Access Management

---

🔑 1. Authentication

• Verifies user identity

📊 Example:

• Password, OTP, fingerprint

---

🔑 2. Authorization

• Defines what a user can access

📊 Example:

• Admin can edit data, user can only view

---

🔑 3. Access Control

• Enforces permissions on systems

📊 Example:

• File access restrictions

---

🔑 4. Role-Based Access Control (RBAC)

• Access is given based on roles

📊 Example:

• HR role → employee records access
• Finance role → salary data access

---

🔑 5. Access Monitoring

• Tracks user activities

📊 Example:

• Logging login times and file access

---

🔑 6. Session Management

• Controls user sessions after login

📊 Example:

• Automatic logout after inactivity

---

5. ⚙️ Access Management Process

---

📊 Diagram Description

User Login → Authentication → Authorization → Access Granted → Monitoring → Session Control

---

6. 🧠 Real-Life Example

In a banking system:

• Customer logs in using password and OTP
• System verifies identity (authentication)
• Customer can view account balance but cannot access admin settings (authorization)
• All actions are logged for security

👉 Result:

• Secure and controlled access

---

7. 🔐 Types of Access Control Models

---

🔑 1. Discretionary Access Control (DAC)

• Owner decides access rights 📊 Example: File sharing permissions

---

🔑 2. Mandatory Access Control (MAC)

• System-enforced strict access rules 📊 Example: Military systems

---

🔑 3. Role-Based Access Control (RBAC)

• Access based on user roles 📊 Example: Company HR system

---

8. 📌 Importance of Access Management

• Protects sensitive data
• Prevents data breaches
• Ensures compliance with security policies
• Reduces insider threats
• Improves system control

---

9. ⚠️ Challenges

• Managing large number of users
• Complex role definitions
• Misconfigured permissions
• Insider misuse of access
• Integration with multiple systems

---

10. 🔄 Access Management vs Identity Management

Feature	Access Management	Identity Management
Focus	Permissions & access control	User identity lifecycle
Function	Control access	Create/manage users
Scope	System-level security	User-level management

---

11. 📝 Likely Exam Questions

⭐ Short Questions:

1. Define access management.
2. What is authentication?
3. What is authorization?
4. What is RBAC?
5. What is session management?

---

⭐ Long Questions:

6. Explain access management process with diagram.
7. Describe types of access control models.
8. Discuss importance of access management in IT systems.
9. Differentiate between identity management and access management.
10. Explain authentication and authorization with examples.

---

12. 📌 Quick Summary / Conclusion

• Access Management controls who can access what in IT systems.

• It includes:

  • ✔ Authentication
  • ✔ Authorization
  • ✔ Role-based control
  • ✔ Monitoring and session control

👉 Final Idea: Access management ensures secure, controlled, and efficient protection of IT resources in modern organizations.

---

✅ Exam Tip: Always include:

• Definition
• Core functions
• Process diagram
• Access control models
• Real-life example for full marks