Author
Charles Tan
Word count
1749
Language
English
Hacker News points
None

Summary

Access control is crucial for securely sharing data on platforms, and selecting the appropriate model hinges on the specific use case and scalability needs. Three primary access control models are discussed: Access Control Lists (ACL), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). ACL is simple and easy to implement but becomes cumbersome with many users and resources due to its lack of scalability. RBAC operates through roles and is more scalable than ACL, but can suffer from role explosion and limited flexibility. ABAC offers high scalability and flexibility by using attributes for access decisions, but it is complex to implement and maintain. Organizations must consider their future growth, who will maintain the system, and whether their needs justify a more complex model. DeltaStream, a real-time stream processing platform, has adopted RBAC to manage user access, addressing scalability concerns associated with ACLs, particularly in environments like Apache Kafka, which traditionally uses ACLs and faces challenges as the number of topics and users increases.