Expert Advice Community

Access profiles

Guest user Created:   Dec 04, 2018 Last commented:   Dec 04, 2018

I would like your guidance as I populate the following tables in the Access Control Policy, specifically Section No. 3 on Access Control.
ISO 27001 ACCESS CONTROL POLICY

Define the rules for access to various systems.

Expert
Rhand Leal Dec 04, 2018

1. User Profile A (which Profiles are expected to be captured here?)
2. User Profile B (which Profiles are expected to be captured here?)

Answer:

As an example of profiles, you can have an Administrator profile (Profile A) and a Common user profile (Profile B).

For an operational system you can have the following access rights:
- Administrator: read and write on files and alter system configurations
- Common user: read and write on files only

For corporate networks you can have the following access rights:
- Administrator: remote access to internal networks and full access to Intern
- Common user: internal network access only

This article will provide you with further explanation about access control:
- How to handle access control according to ISO 27001 https://advisera.com/27001academy/blog/2015/07/27/how-to-handle-access-control-according-to-iso-27001/

This material will also help you regarding access control:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
