UnixTime

Research Note

Access Control Matrix

Use this to define standard access rights by role, asset, classification, and approval owner.

On this page

When to use this

Practical use

Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.

Use this to define standard access rights by role, asset, classification, and approval owner.

Matrix

Role/profile Asset/system/location Classification/sensitivity Access level Business need Approver/owner Review frequency Notes
TBD TBD TBD Read / Write / Admin / Physical TBD TBD TBD TBD

Design checklist

  • Access is based on business need.
  • Least privilege is applied.
  • Need-to-know and need-to-use are considered.
  • Asset owner or authorized role approves access.
  • Sensitive assets have tighter access controls.
  • Privileged access is separated and monitored.
  • Role profiles are reviewed periodically.
  • Physical access is included where relevant.