Understanding Access Control
The three primary methods of access control are as follows:
Mandatory Access Control (MAC) All access is predefined.
Discretionary Access Control (DAC) Incorporates some flexibility.
Role-Based Access Control (RBAC) Allows the user’s role to dictate access capabilities.
A fourth method, Rule-Based Access Control (which also uses the RBAC acronym) is gaining in popularity. Each of these methods has advantages and disadvantages to the organization from a security perspective.
The method you choose will be greatly affected by your organization’s beliefs about how information needs to be shared. In a high-security environment, the tendency would be to implement either a MAC or RBAC method. In a traditional business ...