15. Grant Access to a Protected Resource

This use case provides a high-level overview of how an individual accesses a protected resource. It describes the process for accessing both logical resources, like systems and files, and physical resources, like facilities. In practice, the implementation of logical and physical access may differ. For more information about:

  • Authentication - please see Authenticate a User.
  • Static and dynamic authorization - please see Authorize Access (Static) and Authorize Access (Dynamic).
  • Access policy administration and entitlements management - please see Administer Digital Access Policies and Manage Entitlements.

Actors and Systems Key for Images

Pre-condition: Individual has a digital identity record and credential, and the individual has been associated with access entitlements.

1. Access Attempt: Individual attempts to access a protected resource.
2. Present Credential: Individual presents a credential that meets the minimum required level of assurance.
3. Verify Authentication Factors: The Access Control System (ACS) authenticates the individual using necessary authentication factors. LOAs 1/2: one factor required; LOAs 3/4: at least two factors required.
4. Authorization Check: If authentication is successful, the ACS checks the individual against the resource’s access parameters. This check might include gathering additional attributes about the individual to make an access decision.
5. Access Decision: If the individual matches the resource’s access parameters, the ACS grants access to the protected resource.
6. Log Access Activity: The ACS creates a log of the access attempt, the user, and the decision for auditing and review purposes.

Post-condition: Individual is granted or denied access to the resource.
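
The steps above as a single decision function, added here as an example and not part of the original playbook. The `Credential` and `Resource` classes, the attribute names, and the choice to count distinct factor types against the resource's required LOA are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Step 3 rule from the page: LOAs 1/2 need one factor, LOAs 3/4 at least two.
MIN_FACTORS = {1: 1, 2: 1, 3: 2, 4: 2}

@dataclass
class Credential:            # hypothetical credential record
    subject: str
    loa: int

@dataclass
class Resource:              # hypothetical protected resource (logical or physical)
    name: str
    required_loa: int
    access_parameters: dict  # attribute name -> set of accepted values

def request_access(cred, verified_factors, attributes, resource, audit_log):
    """Run steps 2-6 for one access attempt; return True to grant, False to deny."""
    granted, reason = False, ""
    # Assumption: distinct factor types are counted, so two passwords are one factor.
    factor_types = set(verified_factors)
    if cred.loa < resource.required_loa:                          # step 2
        reason = "credential below required LOA"
    elif len(factor_types) < MIN_FACTORS[resource.required_loa]:  # step 3
        reason = "insufficient authentication factors"
    else:
        # Step 4: a missing attribute fails the check (default deny).
        failed = sorted(name for name, accepted in resource.access_parameters.items()
                        if attributes.get(name) not in accepted)
        if failed:
            reason = "attribute mismatch: " + ", ".join(failed)
        else:
            granted, reason = True, "matched access parameters"   # step 5
    # Step 6: log the attempt, the user and the decision, for grants and denials alike.
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": cred.subject,
        "resource": resource.name,
        "decision": "grant" if granted else "deny",
        "reason": reason,
    })
    return granted
```

Writing the audit record on every path, not only on success, is what makes denied attempts visible during review.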