Access Control

Access control issues refer to situations where a user is able to perform actions that they should not be authorized to do, such as deleting or modifying another user's data. This can happen due to a misconfiguration of access controls or a flaw in the application's code that allows users to bypass access controls.

Access control issues should not be confused with IDOR. Both vulnerabilities are related to authorization and access control, but IDOR is specific to the manipulation of object references, while access control issues cover a broader set of vulnerabilities that can arise from inadequate access control mechanisms.
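The distinction above, shown as an added example that is not part of the original page: a handler with no authorization check, next to handlers that enforce an object-level check (the kind IDOR bypasses) and a function-level check (the broader access control case). The `User` type, the `POLICY` table, the handler names and the sample data are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"

class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested action."""

# Constructed policy: action -> (roles always allowed, owner may also act)
POLICY = {
    "note.delete": ({"admin"}, True),   # object-level: owner or admin
    "notes.purge": ({"admin"}, False),  # function-level: admin only
}

def authorize(actor, action, owner_id=None):
    # Deny by default: an action missing from the policy is rejected.
    roles, owner_ok = POLICY.get(action, (set(), False))
    if actor.role in roles:
        return
    if owner_ok and owner_id is not None and owner_id == actor.id:
        return
    raise Forbidden(f"user {actor.id} may not perform {action}")

def delete_note_vulnerable(notes, actor, note_id):
    # Flaw: the caller is authenticated, but ownership and role are never
    # checked, so any user can delete any note by supplying its id.
    return notes.pop(note_id, None) is not None

def delete_note(notes, actor, note_id):
    # Look up the owner server-side; never trust an owner id from the request.
    authorize(actor, "note.delete", notes.get(note_id))
    return notes.pop(note_id, None) is not None

def purge_notes(notes, actor):
    # Privileged function: no object reference is involved, so this is an
    # access control check that is not an IDOR check.
    authorize(actor, "notes.purge")
    removed = len(notes)
    notes.clear()
    return removed

if __name__ == "__main__":
    bob = User(102, "user")
    notes = {1: 101, 2: 102}  # constructed data: note id -> owner id
    print("vulnerable handler deleted another user's note:",
          delete_note_vulnerable(notes, bob, 1))
```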

References

{% embed url="https://portswigger.net/web-security/access-control" %}