Logical access controls are tools used for identification, authentication, authorization, and accountability in computer information systems. They are components that enforce access control measures for systems, programs, processes, and information. Logical access controls can be embedded within operating systems, applications, add-on security packages, or database and telecommunication management systems.
Logical access control can be contrasted with physical access control (an example of which is a mechanical lock and key controlling access to a room), but the line between the two can be blurred when physical access is controlled by software. For example, entry to a room may be controlled by a chip and PIN card and an electronic lock controlled by software. Only those in possession of an appropriate card, with an appropriate security level and with knowledge of the PIN are permitted entry to the room. On swiping the card into a card reader and entering the correct PIN, the user's security level is checked against a security database and compared to the security level required to enter the room. If the user meets the security requirements, entry is permitted. Having logical access controlled centrally in software allows a user's physical access permissions to be rapidly amended or revoked.