In addition to greatly increasing the number of users who have access to telecommunications systems and facilities, ONA increases the levels of access to telecommunications systems and facilities. If a network element does not provide a level of granularity such that for each user allowed access to a resource it is possible to grant access rights to specific software, processes, databases, information, etc., then users authorized to use a network element may be able to uses resources for which they are not authorized. For example, if proper resource access control is not used then it is possible for a user authorized to use a network element to execute unauthorized commands, access unauthorized information, or access unauthorized network elements.
The exploitation of vulnerabilities associated with resource access control results in the threat of impersonating a user. The severity of the threat of impersonating a user depends on the level of privilege that is granted to the unauthorized user. Strong access control mechanisms must be combined with strong identification and authentication mechanisms to fully protect resources.