Access Control - alexwaibel/vulnerable-aspnetcore-webapp GitHub Wiki

Introduction

Access control is how an application restricts who or what can view resources and perform actions. Web applications rely on authentication to verify the user's identity and on session management to verify that subsequent requests were issued by that same user. Access control is the piece that determines whether that user is allowed to view the resource or perform the action.

Access controls are complex to implement, and implementing them often involves business logic as well as technical challenges. There are a few different types of access control:

  • Vertical access controls
  • Horizontal access controls
  • Context-dependent access controls