Classical logics have already been proposed as a means to specify and implement access control systems. In this paper, we first show that some facets of access control render these logics inadequate. In particular, when used as an inference engine, they are insufficient for decision making on the basis of imperfect information, a situation that occurs frequently in new computing paradigms. In addition, it is sometimes required to annihilate former derivable authorizations when new rules are added to security policies. Then, we demonstrate how the existing formalisms of nonmonotonic reasoning can be deployed to address such aspects of access control. Finally, we justify the use of modal nonmonotonic logics for access control in open environments and propose their required features.