Who can do what...
Access control matrix: formalisation of all the permissions in the system
objects | file1 | file2 | file3 | ... |
users | ||||
A | rw | r | ||
B | rw | |||
C | r | |||
... |
For example, one box represents C can read file3
Potentially huge number of users and objects, so impractical to store all of these.