How Does an Access Control System Work?

How Does an Access Control System Work?

Traditional metal keys can be easily lost, locks must be professionally re-keyed if an ex-employee fails to return a key, and if a key is stolen and ends up in the wrong hands, your business is at serious risk.

There is a more secure, less fallible solution to securing your business—access control!

If you have ever worked at or visited a large building, facility, or campus—such as a hospital, school, or office—then you may have used or at least seen an access control system. Unlike a standard lock and key, entryways equipped with an access control system feature an automatic, preconfigured door lock sensor that only permits entry when someone scans an authorized tag.

These systems give you complete control over who can enter restricted areas and when they can enter. They also generate detailed records of how people move through a protected building, with timestamps indicating each time a protected door is successfully or unsuccessfully unlocked.

But access control does more than just replace the standard lock and key.

Access control systems are digital networks that electronically control entry into and out of a designated area.

The main elements of an access control system are the tag, tag reader, access control panel, and lock. These work together to create a seamless, automated experience for the user.

Tag: A tag can be issued as a key fob, keycard, or smartphone credential. These tags use a wireless technology called radio frequency identification (RFID) to send signals to the access control panel.

Each tag has a unique encrypted identification number. You can issue tags on a person-by-person basis and configure them based upon who the individual user is. For example, a government agency may want to permit a high-level official entry into a classified briefing room but want to deny entry to lower-level employees. You can give all employees the same type of tag, but configure one tag to permit entry and one tag to deny entry. 

The system administrator can change access settings at any time, meaning you won’t have to track someone down and ask them to exchange their tag—you can do it remotely! If someone happens to lose their tag, it’s not a problem. All it takes is a few clicks to permanently disable the tag and issue a new one with the correct permissions. 

A biometric signature, such as a hand or thumb scan, can be used in lieu of a physical tag. The access control system will operate the same way. 

Tag Reader: The tag reader is installed on one or both sides of a door—one side of the door if the system only controls entry, or both sides of the door if the system controls entry and exit. The reader contains an antenna that is connected to and receives power from the access control panel, a component we discuss below. 

When an individual presents their tag to the reader, the reader’s antenna receives its encrypted ID number. The tag reader sends the ID number to the access control panel.

Access Control Panel: The access control panel, or controller, is the core of the system. It stores the authorization information configured by the system administrator. The control panel receives the encrypted tag number from the reader, decodes the number, then compares the ID number to ID numbers already loaded onto the system. If the numbers match, and the user is authorized to access the door at that time, the door will unlock. This all happens in the matter of seconds. 

Lock: The access control panel operates the electrical door lock—if a user is permitted to enter the door will automatically unlock and can be opened.  

There are three types of access control systems: discretionary access control (DAC), mandatory access control (MAC), and rule- or role-based access control (RBAC).

Though most access control systems operate according to the basic hardware outline above, access control is by no means a one-size-fits-all solution. There are in fact three types of access control, which, depending on the type of company or organization the system controls, determine how access permissions are granted and who can set access permissions. 

Discretionary access control systems are the least restrictive form of access control. These systems allow anyone to control the system. System admins can be switched from person to person, so long as each individual has access to the system. The administrator of the system has complete control over who has access permissions. 

From a user-settings standpoint, DAC is not very sophisticated, but is easy to use. System admins can configure access by group, but will likely not have the same control over times at which specific individuals can enter, nor will they be able to set permissions based upon the role of the employee (office administrator, manager, owner, etc.).

Mandatory access control is the most restrictive form of access control. MAC gives control and management of the system to only the system owner or administrator. But even the system admin is restricted in their ability to permit or deny access—settings are programmed into the system and the admin cannot circumvent them.

All users are classified according to their permissions, with access to designated areas based entirely upon their role. The only way to change these access settings is to create an entirely new profile with a different role or classification.

Because MAC systems are so restrictive, they are generally installed only at facilities in which there is little need to change security permissions. You might find one at a military or government facility. 

Rule- or- role-based access control is the most popular form of access control. RBAC systems are less restrictive than MAC and more configurable than DAC.

This system lets the admin set rules and limitations, such as denying access at specific times of day or limiting access based on which tag is used. Different RBAC systems come with different settings, but in general, the system admin will have a plethora of options they can tweak as needed.

A user can be assigned access permissions based upon their role. A project manager, for example, can be assigned access permissions that a project assistant is not. But unlike a MAC system, which can make it hard to re-assign permissions if roles change, with RBAC an admin can simply click a button to change user access settings without any additional legwork. 

Access control will increase security and keep you more informed. 

The only real alternative you have to access control is sticking with your locks and keys. But think for a second about the problems you can run into. Here is a quick list of things we commonly see that cause businesses to convert to access control:

  • Keys are commonly lost or stolen. If you do lose track of a key, a new key will need to be made or a new lock will have to be installed.
  • You can’t track and monitor who uses a key or what door they unlock—if multiple keys have been issued, you have no way of knowing which key is used to unlock a door.
  • Multiple doors may require multiple different keys, complicating security management. 

Access control solves all these problems.

You can eliminate the need for keys altogether, and with in-depth reporting and metrics, you can see exactly who unlocked a door, and when. You can customize the system to meet your unique requirements, and you can easily grant or revoke permissions whenever you want. And one tag per person is all you need—one tag can be used on all doors equipped with a tag reader. 

With access control, you can say goodbye to keys for good.

If you’re looking for a more comprehensive, easier-to-manage business security system, get access control from Bay Alarm! Fill out our online contact for or give us a call today to get started on learning how our access control system can resolve your security challenges.

Start a conversation with a Bay Alarm security expert.

1 (800) 610-1000