The most widespread procedure for access control is currently protection by passwords. Only those users who know the password are granted access. In addition, access can be restricted to specific access routes, for example dialog or batch, or even to specific terminals ("Separation of system access routes"). The use of terminal sets ("Restrictions on access via terminal sets") makes it considerably easier to administer terminals from which access is permitted or forbidden. Dialog and batch access can be protected by additional conditions which are defined in guards ("Access control with guards"). The use of personal identification ("Separation of system access routes") is recommended for user IDs to which several people normally have access. Single Sign On permits a user access to all applications he/she requires, on different computers, too, via a single authentication procedure. In BS2000 the procedure "Single Sign On with Kerberos" is available for Single Sign On.