Access control models and concepts
When it comes to information security, the same idea applies from the physical security realm; restricting access to a location or asset is referred to as access control. When we say access, we could mean physically entering a space or digitally accessing a folder. We could mean reading a printed document in an office, but we can also consider the CRUD possibilities in a digital estate as well.
The classic (or retro?) access control is a lock and key. If somebody has the key, they're able to access what the lock is preventing access to. And if they have the key, they're allowed to access it, right? Is it that simple? Of course not. What we want is the ability to ensure that the people with the key are the people with permission, and try our best to ensure that even with the key, the wrong people aren't allowed to (or authorized to) access what they shouldn't.