You can have a hybrid approach - deny access in that area by default but have a secure way to whitelist specific terminals for short periods (mission duration)
You can have a hybrid approach - deny access in that area by default but have a secure way to whitelist specific terminals for short periods (mission duration)