In monitored environments, where risks can be prevented via sensors and spatial data technologies, security rules, in particular access control rules, should be made adaptive to the situation at hand at run time. The paper presents adaptive access controls suitable for “smart environments”, based on the Attribute-based Access Control paradigm. Risks are notified by monitoring devices and managed by a Risk Management System, which is illustrated. To adapt the access control decisions to risk mitigation needs, security policies are defined to dynamically activate or deactivate access rules according to the operations required to manage the risks.