Access Control – The Basics

Put simply access control is the ability to control access to a set of resources in a given area. It could be as basic as a lock on a door or as complex as a security monitoring system. The more complex forms of access control have systems in place that allow customized access for different personnel, through the creation of timezones and access levels. However with all access control it is important to first understand the architecture of the system.

Centralized or Distributed

In the case of a system failure access control levels can be compromised if you do not have a thorough understanding of your systems processing arrangement. Centralized processing systems are dependent on a central computer. Information is collected at field panels, such as card readers at entry points, and sent back to the computer for validation. The doorway will not open until it has received a command from the central computer to do so. These centralized systems can be vulnerable if communication is lost between field panels and the computer or if the computer crashes. This can lead to open access for all card holders if systems aren’t put in place to limit access during system failures. Distributed processing systems allow the decision making process to take place at the field panel, which is then logged on the central computer. In these processing arrangements if communication is lost or the computer fails the access control levels are not compromised.


One of the most basic tools in access control is the use of timezones. Allowing differentiation for start and finish times and different days of the week a systems operator can limit access at entry points for opening and closing hours, lunch breaks and holidays. For example, the reception area may be accessible during opening hours and the break room may only be accessible 11:00 to 13:00. Taking this a step further we can look at pairing timezones with access levels. Issuing an employee an access card allows the system operator to assign to that card a group of access points as well as a group of timezones. Managers may have access 24/7 to all entry points where an employee may only have restricted business hours access. A common problem with this sort of access control is ‘tailgaiting’, where one user follows another into a point of entry without validating their card. Anti-passback can be used to combat this problem and consists of an ‘in’ and an ‘out’ card reader at all entry points,.


Access control areas can be monitored and can have multiple alarm inputs. For example entry point card readers are installed with an alarm contact which monitors if the door was forced open or left open. If the alarm had been activated because of an entry breach it can be ‘shunted’, bypassed, by a valid card read. Areas with alarm monitoring need not only be limited to entry points, they can also include motion detectors, panic alarms, temperature and glass break sensors. This and all other access control information is kept on an activity log and can be accessed in various ways depending on the type of system. Advancements in computer based systems even allow instructions to be sent to CCTV systems when a particular alarm is received