Access Control – Types

is a security technique that regulates who or what can view or use resources in a computing environment.

• MAC – Mandatory Access Control
• A central authority governs access.
• Common in military and government environments.
  DAC – Discretionary Access Control
• The administrator and the owner decide on the access.
• Lack of a central authority.
  RBAC – Role-Based Access Control
• The restrictions on resources are based on roles, groups, or individuals.
• Ex: Administrator, Human Resources, Analyst, Sales
  RSBAC – Rule Set-Based Access Control
• An administrator uses conditions to define the rules.
• Ex: Days, Time, Locations
  ABAC – Attribute-Based Access Control
• The accesses are defined by evaluating rules, policies, and relationships.
• Ex: A user with the role==”sales” can actionId==”read” if user.project==sales.project.

(to be continued…)