What is Access Control?

Access control is the security mechanism that determines which entities (users, agents, contracts) are authorized to perform specific actions on specific resources — enforcing the principle that only authorized parties can access or modify protected assets.

WHY IT MATTERS

Access control is one of the oldest and most fundamental security concepts. In blockchain, it determines who can call admin functions, upgrade contracts, transfer funds, and modify configurations. In agent systems, it determines what each agent can do.

Common models include discretionary (owner decides), mandatory (system-enforced), role-based (RBAC — permissions tied to roles), and attribute-based (ABAC — permissions based on dynamic attributes). Smart contracts typically use role-based patterns with OpenZeppelin's AccessControl library.

For AI agents, access control defines the agent's capability boundary. Which contracts can it interact with? What functions can it call? How much can it spend? Without proper access control, an agent is either too restricted (useless) or too permissive (dangerous).

HOW POLICYLAYER USES THIS

PolicyLayer provides financial access control for AI agents — defining which transactions each agent is authorized to execute based on amount, recipient, token, and other attributes. It's ABAC (Attribute-Based Access Control) applied to financial operations.

FREQUENTLY ASKED QUESTIONS

What access control model is best for agent wallets?
Attribute-based (ABAC) is most flexible — controlling access based on transaction amount, recipient, token, time of day, cumulative spending, and other dynamic attributes. RBAC works for simple setups (admin vs agent roles).

How is access control implemented in smart contracts?
Typically using OpenZeppelin's AccessControl library, which provides role management and role-based function guards. For account abstraction, custom validation modules implement access control logic.

Can agents escalate their own access?
Not if access control is properly implemented. The agent should never have the ability to modify its own permissions. Access control changes should require a separate, more privileged authority (multisig, admin key).
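
The ABAC checks and the self-escalation rule from the answers above, sketched in JavaScript as an added example (not PolicyLayer's code or API). The policy fields, the agent and admin names, and the recipient address are constructed assumptions; timestamps are assumed to be Unix seconds.

```javascript
// Added example: policy values, agent names and addresses are constructed.
const deny = (reason) => ({ allowed: false, reason });

const examplePolicy = {
  allowedTokens: new Set(["USDC"]),
  allowedRecipients: new Set(["0xVENDOR_PLACEHOLDER"]),
  maxPerTx: 500n,   // smallest token units, BigInt to avoid float rounding
  maxPerDay: 1200n, // cumulative cap per agent per UTC day
  policyAdmins: new Set(["multisig"]), // the agent identity is deliberately absent
};

function createEnforcer(initialPolicy) {
  const policy = { ...initialPolicy };
  const spent = new Map(); // "agent|day" -> approved total so far

  // Deny by default: every attribute must pass before spend is recorded.
  function authorize({ agent, token, recipient, amount, timestamp }) {
    if (typeof amount !== "bigint" || amount <= 0n) return deny("invalid amount");
    if (!Number.isInteger(timestamp)) return deny("invalid timestamp");
    if (!policy.allowedTokens.has(token)) return deny("token not allowed");
    if (!policy.allowedRecipients.has(recipient)) return deny("recipient not allowed");
    if (amount > policy.maxPerTx) return deny("per-transaction limit exceeded");
    const key = `${agent}|${Math.floor(timestamp / 86400)}`;
    const total = (spent.get(key) ?? 0n) + amount;
    if (total > policy.maxPerDay) return deny("daily limit exceeded");
    spent.set(key, total); // denied requests never count toward the cap
    return { allowed: true, reason: "ok" };
  }

  // Policy changes need a separate, more privileged caller than the agent.
  function updatePolicy(caller, changes) {
    if (!policy.policyAdmins.has(caller)) return deny("caller may not change policy");
    Object.assign(policy, changes);
    return { allowed: true, reason: "policy updated" };
  }
  return { authorize, updatePolicy };
}
```

The cumulative check is what separates this from a stateless allowlist: a request that passes every per-transaction attribute is still denied once the agent's approved total for the day would exceed the cap.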

Enforce policies on every tool call

Intercept is the open-source MCP proxy that enforces YAML policies on AI agent tool calls. No code changes needed.

npx -y @policylayer/intercept
github.com/policylayer/intercept