We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is an Access Token?

By S.A. Keel
Updated: May 16, 2024
Views: 8,120
Share

In computer operating systems and other software frameworks, an access token is any data structure that contains the security information needed by a process to access a secured object or another process that requires authorization. Secure objects are usually data in the file system with read and write privileges defined, and a process is any other program or service that requires authorization to access its functions. While an access token is simply a container capable of holding any information, it is usually used to store user privileges.

The concept of an access token was primarily conceived of and used by Microsoft® operating systems and programs, but their usefulness has carried them elsewhere. The application programming interface (API) for Google describes a method for using access tokens while programming applications that need to access data associated with a Google user's account. Some of the large social networking platforms also use access tokens in their API.

Basically, when a user logs into an operating system or software system framework, the system verifies the user and password in a security database, and an access token is created that identifies the user to any object or process on the system. Any processes — such as applications, programs, or services — that are started by the user will carry the access token with them. The access token, then, needs to store several bits of data that another program or object checks against to grant access.

Access tokens contain the security identifiers (SID), typically numeric codes, for the user, any user groups to which the user belongs, and the current log-on session. The token also contains a list of any privileges that the user or groups are allowed. There are a couple different types of access tokens, so the token also needs to identify its type, either primary or impersonation. A primary access token is the standard type used, but an impersonation token also can be created to act on the user's behalf.

When an access token is called on to do its job, it encounters a security reference monitor (SRM), a service that monitors access to objects and processes on the system. The SRM pulls up the security descriptor of the object or process for comparison with the access token. The security descriptor contains an access control list (ACL), where each access control entry (ACE) defines certain permissions for that object or process. For example, in the case of a file on the system, the security descriptor contains information about which users or groups have permission to read or write to the file. If the access token requesting access to open or edit the file doesn't match the permissions in the security descriptor, access fails and the user is denied access to the file.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
Share
https://www.easytechjunkie.com/what-is-an-access-token.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.