The system of preventing unauthorised access to the resources of an IT product, programs, processes, systems, or other IT products. Some suppliers consider preventing unauthorised users from logging on to the system to be access control. In reality, access control should also stop logged on users accessing objects (files, devices, etc) for which they have no authorisation.