In this work the author considers a problem of management of access to information resources of the enterprises. Formulates the purposes of a control system of access. Defines interrelation of the purposes of information security and available threats of safety. Suggests to use an access matrix as a passive element of protection of information resources. Formulates tasks which need to be solved in any control system of access. Sets a task of a redundancy exception when carrying out measures of information resources protection. Offers a formation technique of an access matrix. Describes procedure of information categorization, risk groups identification, formation of access profiles, fixing of access rights in organization regulating documents.