LOGICAL ACCESS CONTROL Flashcards
DAC
Discretionary access control (DAC) is a specific type of access control policy that is enforced over all subjects and objects in an information system.
In a DAC system, a user who has access to a file is usually able to share that file with or pass it to someone else. This grants the user almost the same level of access as the original owner of the file. Rule-based access control systems are usually a form of DAC.
DAC permissions
- Pass the information to other subjects or objects
- Grant its privileges to other subjects
- Change security attributes on subjects, objects, information systems or system components
- Choose the security attributes to be associated with newly created or revised objects; and/or
- Change the rules governing access control; mandatory access controls restrict this capability
MAC
A mandatory access control (MAC) policy is one that is uniformly enforced across all subjects and objects within the boundary of an information system.
MAC permissions
- Passing the information to unauthorized subjects or objects
- Granting its privileges to other subjects
- Changing one or more security attributes on subjects, objects, the information system or system components
- Choosing the security attributes to be associated with newly created or modified objects
- Changing the rules governing access control
RBAC
Role-based access control (RBAC), as the name suggests, sets up user permissions based on roles. Each role represents users with similar or identical permissions.