THOUGHT CENTER > Blog > Access Controls

Types of Access Controls

May 15, 2023

While physical keys are the traditional method for site security, they're difficult to manage and can't be deactivated when lost or stolen. Nor can they log access data to create audit trails.

On the other hand, access control systems empower system operators with automated entry oversight, automated data logging, and instant remote control over access privileges.

How Access Control Works

Access control systems require the presence of a credential, such as a key card or fingerprint, at a door reader. The reader then authenticates the credential and, in most cases, transmits the credential data to an access control panel. The control panel is the brain of most access systems.

Keypads are a logical access control method for physical access control.

Suppose the control panel (or the local reader itself) finds a match between a presented credential and entry authorizations. In that case, it will transmit an electronic signal to unlock the door for passage.

Approaches to Assigning Access Privileges

Access control systems provide administrators with multiple methods for assigning privileges to credentials.

Discretionary Access Control (DAC)

The Discretionary Access Control (DAC) model lets administrators give trusted individuals the power to add, adjust, and revoke access permissions as needed. This approach often works best for small workplaces that don't have many doors and credentials to manage.

Features & Benefits of Discretionary Access Control Models

  • The discretionary technique is the most flexible, making it ideal for smaller businesses and organizations.
  • A DAC system allows for collaboration and resource sharing without complex and time-consuming protocols.

Example of DAC in Practice

  • Large fast-food and retail chains use discretionary access control to grant managers at smaller locations power over the access privileges of their on-site employees.

Mandatory Access Control (MAC)

Grant and deny access to sensitive data and areas. Individual user access and identity management is possible with control models for granted access for individual users.

Mandatory systems grant or deny entry based on predefined rules that have been determined by a central authority.

Features & Benefits of Mandatory Access Control Models

  • Mandatory systems strictly apply the rules created by a primary administrator or security officer.
  • Mandatory systems enforce the separation of duties to minimize the risk of insider threats.

Examples of MAC in Practice

  • Government and military organizations often use mandatory access control models to secure restricted areas and sensitive information.
  • Healthcare facilities use MAC to prevent unauthorized personnel from accessing patient records and medications.

Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) models assign privileges based on the job functions of each user. In an RBAC system, users are first assigned roles, and then access is granted based on the permissions associated with those roles.

Features & Benefits of Role-Based Access Control

  • Role-based access control methods simplify the credential authorization process for large enterprises by grouping users according to their job functions.
  • Role-based models ensure that personnel only have access to the resources they need.

Examples of RBAC in Practice

  • Large businesses, like Amazon, use role-based systems to assign access privileges to new hires in bulk efficiently.
  • Hospitals use role-based access control to assign different privileges to nurses in the ER, ICU, and other areas.

Attribute-Based Access Control (ABAC)

Attribute-Based Access Control (ABAC) approaches assign access based on the attributes or characteristics of the resource, environment, or user in question. Attributes may include factors like job title, clearance level, and time of day.

Features & Benefits of ABAC

  • With attribute-based systems, credential privileges are automatically adjusted based on preset rules.
  • ABAC methods enforce complex policies, such as those which restrict off-hours site access for some employees while granting round-the-clock access to salaried personnel and others.

Examples of ABAC in Practice

  • With attribute-based access control, hotel cleaning staff can access rooms only during housecleaning hours.
  • Hospitals use ABAC techniques to automatically change floating nurse privileges depending on the department they're sent to.
  • Military facilities use ABAC to automatically limit sites to individuals with appropriate levels of security clearance.

Access Control Software

Identity management via access control panel in server room. Use discretionary or non-discretionary access control rules.

The ideal access control software for your property depends on your needs. Cloud-based and web-based software are most suitable for small organizations with basic requirements, while server-based software is suitable for large organizations with complex needs.


Cloud-based access control software is hosted and managed in the cloud. This means that the software doesn't require on-site servers.


Similarly, web-based software programs don't require on-site servers. They can be accessed through a web browser or mobile app from anywhere with an Internet connection.


Server-based software is the best option for large organizations that need advanced features and options for customization.

The downside to server-based systems is that they require on-site servers and are only accessible from within their local network.

Types of Access Control Credentials

Key cards

Key cards are similar to credit cards in form, but they transmit unique RFID (Radio-Frequency Identification) codes to door readers for access to physical locations.

Key cards enable remote permission adjustments as circumstances change, and they're easy to deactivate and replace when lost or stolen.

Key fobs

Because key fobs use RFID technology, they work on the same readers as key cards. The advantage of fobs over cards is that fobs are more difficult to lose and can be attached to traditional key chains.

Time-Clock Badges

Like cards and fobs, time-clock badges transmit RFID signals, which allows them to function with most access control readers.

Rule-based access control models allow system administrators to control access rights and manage access requests.

The greatest benefit of using time-clock badges as access credentials is that they provide administrators with an all-in-one solution to manage payroll data, log staff movements, and ensure site security.

Businesses and organizations with fewer than 30 time-clock badges can avoid purchasing new credentials by individually migrating their existing time-clock badge data to their new access readers.

On the other hand, most large organizations have too many badges to migrate in a reasonable amount of time. In such cases, we recommend access control by ICT (Integrated Control Technology).

All ICT access control systems are compatible with time-clock badges. Plus, they can be configured to provide proactive notifications for specified incident categories (such as absences, late arrivals, excessive time spent in the wrong work areas, and other troublesome patterns).

Mobile credentials

Mobile credentials grant access to physical locations using Bluetooth signals that are transmitted by a user's personal smartphone. Bluetooth mobile credentials provide a high level of security because they cannot be duplicated.

PIN Codes

PIN codes are a common knowledge-based credential. Users enter a unique PIN or password into a keypad for access.

System administrator controlling access to minimize security risk with keypad.

Because PINs and passcodes are often copied to notebooks and electronic devices, administrators are advised to require two-step verification when using these credentials. The good news is that most keypads support two-step verification by featuring tiny internal antennas for RFID signal communication.


Biometric credential systems use a person's physical characteristics for identification. Biometric access control is highly secure and extremely difficult to hack or bypass. Plus, biometric credentials—fingers, eyes, and faces—are the credentials most difficult to lose.

Types of Access Control Readers

Two types of access controls.

Before allowing access, all access control systems require the presentation of at least one type of credential at a door reader. The credential used determines the type of reader that should be installed at the door.

Card Readers

Card readers, also known as RFID door readers, are the most commonly used type of access control reader. Proximity cards, key cards, fobs, and most time-clock badges communicate with card readers by transmitting RFID signals.

Bluetooth Signal Readers

Bluetooth readers are increasingly popular because Bluetooth signals are impossible to clone.

What's more, Bluetooth-based systems don't require administrators to give out physical credentials. Instead, the user's personal smartphone becomes their credential. While biometric credentials are the most difficult to lose, if a smartphone is lost, it's the user's responsibility to get a replacement.

Keypad Readers

Keypad readers require users to enter a code or PIN before they grant access. For this reason, they contain physical or touchscreen buttons.

Types of access resources include keypads and RFID readers.

Keypads are excellent for site security when combined with other credentials for two-step verification.

Biometric Door Readers

Biometric readers use a person's physical characteristics, such as facial features, eyes, and fingerprints, for identification.

While their credentials cost employers nothing and are extraordinarily difficult to lose, biometric readers are nevertheless the most expensive option for access control. A second drawback to biometric systems is that they can be affected by external factors, such as lighting conditions.

Access Control Integrations

The absolute best security systems integrate access control technology with other security systems, such as those for fire and intrusion detection, surveillance cameras, and video management.

Why are more and more commercial properties restricting access with control models? To make buildings safer by assigning permissions and access requirements for day-to-day operations.

Integrated security systems provide layered security and fewer false alarms by sharing data between devices.

Access Control Brands

Our team at Mammoth Security partners with the world's most esteemed access control manufacturers. We install their systems to give our customers access to solutions that are reliable and tailored to their needs.

Access control denies access in high-security areas unless authorized credentials are presented.

The following list of our access control partners includes one or two highlights about each and a link to their brand page on our website.

  • Honeywell: Honeywell systems are flexible and scalable to serve businesses and organizations of all sizes. The Honeywell NetAXS-123 access controller uses a browser-based interface that requires no specialized software.
  • ICT: ICT (Integrated Control Technology) provides cohesive security solutions by combining access control with intrusion detection and automated building management tools. What's more, time-clock badge reading abilities are built into all ICT access readers.
  • Avigilon: The Avigilon Access Control Manager (ACM) is an excellent security solution for large businesses and institutions. The ACM features cutting-edge AI-based technologies and can easily be integrated with most other security systems.
  • Brivo: Brivo invented the cloud-based access control that allows administrators and security personnel to manage multiple facilities on a single interface.
  • PDQ: Proprietary SecuRemote technology by PDQ (Pretty Damn Quick) harnesses Bluetooth technology and advanced encryption to manage and monitor access to secure sites securely.
  • Salto: Salto, the favorite brand for hotel room security, specializes in access systems that are completely wire-free and designed for environments in which credentials and privileges are continuously changing.
  • DMP: DMP (Digital Monitoring Products) is a family-owned, U.S.-based company that provides scalable access control solutions that are easy to manage.

Implementing Access Control

Security models that assign user permissions let system administrators grant permissions only to authorized individuals.

Implementing access control involves the following steps:

1. Assessment and Planning

Bring in a security expert to identify the right security posture for each entry and exit point, the best types of credentials for your security and workflow needs, and other important details about your site that will affect your system's design.

After the assessment, a plan outlining your potential access system's requirements, including hardware and software components, should be created.

2. Hardware Installation

Once a plan has been presented and accepted, access control hardware components are installed. These components usually include door locks, door readers, low-voltage cabling, and an access control panel.

3. Software Setup

The next step is to configure your system software. Your installer should help you to program access control policies, establish credential management methods, and create alert and notification rules.

4. Testing

Professional installers must test all hardware and software components to make sure they'll dependably enforce your site's access control policies. 

5. Education

New access control systems require on-site staff training for credential management, log auditing, system navigation, and the use of specialized features.

The friendly experts at Mammoth Security provide complimentary training for staff after installations. This training can usually be covered in one or two hours because most of the access control systems we install have intuitively designed interfaces.

6. User Enrollment

After hardware and software components have been installed and tested, and access control administrators have been trained, new users can be enrolled in the system's database and assigned credentials.


In conclusion, access control systems are an essential component of modern security, offering a wide range of options to fit the needs of various organizations. From Discretionary Access Control for small businesses to Attribute-Based Access Control for complex security requirements, access control systems provide a flexible and efficient way to manage access privileges. Additionally, different types of credentials and readers, such as key cards, biometrics, and mobile credentials, allow for tailored security solutions that suit each organization's unique needs.

Integration with other security systems, such as fire and intrusion detection, video management, and surveillance monitoring, further enhances the overall security posture. At Mammoth Security, we partner with leading access control manufacturers like Honeywell, ICT, Avigilon, Brivo, PDQ, Salto, and DMP to offer reliable, customized solutions for your organization.

If you are considering implementing access control at your facility or upgrading your current system, contact Mammoth Security today. Our team of experts will guide you through the entire process, from assessment and planning to installation, testing, and staff training. Take the first step toward a more secure and efficient future by contacting Mammoth Security and discovering the access control solutions that best fit your needs.





I’m not just another sales guy. I’m a security expert ready to discuss your security strategy one-on-one.

Let’s discuss your security strategy and get you a tailored solution that will perfectly fit your security expectations.

Get your FREE copy of ‘Top 10 Questions to Ask Before Purchasing A Camera System’