Different Types of Access Control Models

Mandatory Access Control (MAC)

• Uses security labels to authorize resource access
• Requires assigning security labels to both users and resources
• Access is granted only if the user’s label is equal to or higher than the resource’s label

Discretionary Access Control (DAC)

• Resource owners specify which users can access their resources
• Access control based on user identity, profile, or role
• Allows resource owners to grant access to specific users

Role-Based Access Control (RBAC)

• Assigns users to roles and assigns permissions to roles
• Roles mimic the organization’s hierarchy
• Enforces minimum privileges
• Effective for managing permissions based on job roles and turnover

Rule-Based Access Control

• Uses security rules or access control lists
• Policies can be changed quickly and frequently
• Applied across multiple users on a network segment

Attribute-Based Access (ABAC)

• Considers various attributes like
  • User Attributes — User’s name, role, organization ID, or security clearance
  • Environment Attributes — Time of access, data location, and current organization’s threat level
  • Resource Attributes — File creation date, resource owner, file name, and data sensitivity