Access control is the selective restriction of access to data and consists of two parts: authentication and authorization. Authentication is a technique used to verify that someone is who they claim to be. Authorization determines if a user should be allowed access.