Abstract Cloud computing is an Internet‐based computing where the information technology resources are provided to end users following their request. With this technology, users and businesses can access programs, storage, and application development platforms through the Internet and via the services offered by the cloud service providers (CSPs). One of the biggest obstructions in the cloud computing environment is data security. Actually, the data are dispersed across multiple machines and storage devices such as servers, computers, and various mobile devices. The uncontrolled access to these resources and data leads to many important data security risks for the end users. In this way, and in order to ensure the reliability of the cloud and the trust of the users regarding this environment, controlling access to data and resources as well as protecting and ensuring their security becomes a critical task for CSPs. In this work, we present a comprehensive review of existing access control mechanisms used in the cloud computing environment. The advantages and disadvantages of each of these models are discussed and presented along with their analysis. Also, we study the cloud requirements of these models, and we evaluate existing control mechanisms against these requirements.