Control of the user’s access to the appropriate resources for the legitimate reasons is critical for any IS; this is more important when the system is identified as a SOX application or contains private information. The lack of an appropriate access control framework in IS results in exposure to unauthorized access and compromise the reliability of data integrity (Bindahman & Zakaria, 2013). One of the fundamental security methods used to protect the data in multi-user sharing systems is access control by which users are allowed access to resources based on the user’s identity and associated privileges (Bindahman & Zakaria, 2013).