In computer science, an access control matrix or access matrix is an abstract, formal security model of protection state in computer systems, that characterizes the rights of each subject with respect to every object in the system.
[1] An access matrix can be envisioned as a rectangular array of cells, with one row per subject and one column per object.
[2] According to the model, the protection state of a computer system can be abstracted as a set of objects
A right thereby specifies the kind of access a subject is allowed to process object.
An Access Control Matrix should be thought of only as an abstract model of permissions at a given point in time; a literal implementation of it as a two-dimensional array would have excessive memory requirements.
Although these two mechanisms have sometimes been presented (for example in Butler Lampson's Protection paper) as simply row-based and column-based implementations of the Access Control Matrix, this view has been criticized as drawing a misleading equivalence between systems that does not take into account dynamic behaviour.