Access control models are the core that identifies how a user accesses an object. An enterprise determines the best model based on the organization’s structure, the policies within the organization, and the benefits and risk associated with implementation. You’ll read about several models in the next section.
- Discretionary access control (DAC)—Policy defined by the object owner
- Mandatory access control (MAC)—Policy defined by the system
- Role-based access control (RBAC)—Policy defined by the functions the user performs within the organization—for instance, roles can be Human Resources or Finance
- Attribute-based access control (ABAC)—Policy a function of a subject’s characteristics ...