Access control can be a policy, a software, or a hardware device which is used to allow or deny access to a resource. Access control can be by using devices like biometric device, switches, routers, Remote Access Service (RAS), virtual private networks (VPNs), etc. Access control can also be implemented on File System level like Microsoft's New Technology File System (NTFS), GNU/Linux's ext2/ext3/ext4 etc. The following are the three main concepts of Access Control.
• Discretionary access control (DAC)
• Mandatory access control (MAC)
• Role-based access control (RBAC)