Fog computing has emerged as an attractive solution to the distributed application of the Internet of Things, and could provide low-latency, highly mobile, and geo-distributed services distinguished from the cloud. While fog computing offers numerous benefits, it also faces various security challenges, of which access control is one of the fundamental requirements since it is concerned with authorizing users to access resources in the open fog environment. This article provides a comprehensive survey of access control of users' data in the environment of fog computing with the aim of highlighting security problems and challenges. It discusses the definition, architecture, and characteristics of fog computing, based on which typical requirements and essential models of access control are addressed. Finally, it highlights known access control schemes in the environment of fog computing, and identifies existing unresolved problems as future directions.