Access control implements a security policy that specifies who or what may have access to each specific system resource and the type of access that is permitted in each instance.
A typical example of this is in ERPs where access controls defines what access codes a process owner has and what access a reviewer and an approval has. Where a personnel has access to carry out a transaction, review and approve the transaction, access controls are said to be deficient.
