In the fields of physical security and information security, access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization(授权). An access control mechanism( )between a user (or a process executing on behalf of a user) and system resources, such as applications, operating systems, firewalls; routers, files,and databases. The system must first authenticate(验证)a user seeking access. Typically the authentication function determines whether the user is ( ) to access the system at all. Then the access control function determines if the specific requested access by this user is permitted. A security administrator maintains an authorization database that specifies what type of access to which resources is allowed for this user. The access control function consults this database to determine whether to( ) access. An auditing function monitors and keeps a record of user accesses to system resources. In practice, a number of( )may cooperatively share the access control function. All Operating systems have at least a rudimentary(基本的).and in many cases a quite robust, access control component. Add-on security packages can add to the ( )access control capabilities of the OS. Particular applications .or utilities, such as a database management system, also incorporate access control functions. External devices, such as firewalls, can also provide access control services .