An Overview Of Access Control Models

By Author: Appsian
Total Articles: 115
Comment this article

An Overview of Access Control Models

There are currently multiple models of access control to choose from in information security to determine user access. Outlined here are the four most common access control models.

1: Discretionary Access Control (DAC)

Discretionary access control allows the owner of a file or device to control, grant, or restrict the rights of others. For instance, consider when you create a spreadsheet for Google Sheets on Google Drive. You may choose to give access to specific individuals as the file owner for either viewing, reading, or altering the text. You can also set it so that the document can be accessed or opened to the public or can be accessed by anyone with a link.

DACs, which are widely used for operating systems, depend on access control lists (ACLs). Generally, these lists specify individuals (or groups of individuals) along with their levels of access authorization. Compared to the next sort of access control we're going to talk about, discretionary access controls are much more flexible and less restrictive. They are often the least protected process, however, ...
... since access control is left up to the owner of the file or device. DACs are the least restrictive of the various control access models we'll cover here and are widely used.

2: Mandatory Access Control (MAC)

Mandatory access control, unlike DAC, is non-discretionary and is simply based on a central authority's decisions, such as a security administrator. The owners and users of the files themselves have little to no control over who can access their files.

To connect certain services or levels of access with users, MAC relies on labels (such as confidential, classified, top-secret, etc.) and clearances. Documents receive labels that specify the clearance levels you need to view, alter, or disclose them.

For individuals and groups of users, an administrator may set certain access levels, which the users themselves cannot alter. This access management model is the most stringent.

3: Role-Based Access Control (RBAC)

As you can probably infer from the name, role-based access control offers user-role based access permissions. The functions that an employee performs is the 'role.' Users may have one or more responsibilities, and as a result, one or more permissions can be assigned. Doing this allows users with those positions access to the information they need to do their jobs without giving them access to data they don't need. RBAC is a wider method of control over access than, say, MAC.

4: Attribute-Based Access Control (ABAC)

Attribute-based access control (ABAC) is the next form of access model. It is a point on the continuum of logical access control, from basic access control lists to more capable role-based access, and eventually to a highly versatile approach to access provision based on an assessment of attributes.

ABAC allows one to connect individuals or entities with the types of data that can be used under particular parameters. It encourages the use of Boolean logic in order to create more versatile granular policies.

Attributes can be specific features or requirements that are added to either subjects (subject attributes) or to objects (object attributes). Management levels, employee IDs, organizational functions are some examples of attributes.

The latest data security solutions enable organizations to employ an RBAC-ABAC hybrid approach for efficient access control and management. This ensures comprehensive data security.

Appsian One of the leading ERP data security,compliance,implementation solutions provider that gives organizations to complete control and visibility over their ERP data.