ABAC, DAC, MAC, Role-BAC, Rule-BAC
ABAC (Attribute-Based Access Control)
The most fine-grained access control.
Access is based on a combination of subject and object attributes
- Operating system
- IP address
- Up-to-date patches
- Up-to-date antimalware
- Employee's identity
- Time of day
- Location
- Type of device
DAC (Discretionary Access Control)
- Based on the owner of the file or folder
- The owner decides who gets access and the type of access
- Windows, Linux, and UNIX use a DAC method
MAC (Mandatory Access Control)
- Each object is assigned a classification label
- Each subject is assigned a clearance level (such as Confidential, Secret, or Top Secret)
- A subject with the label "Secret" would be unable to access "Top Secret" data as it would be above its clearance level.
- Also, based on "Need to know," in other words, not everything will they have access to at its security level.
RBAC (Role-Based Access Control)
- Based on your job function (role)
- Group-based security
- Group examples: Accounting, HR, IT, Sales. etc
RBAC (Rule-Based Access Control)
- System enforced rules
- Some rule triggers the access control
- Time of day
- Conditional access is a form of rule-based access control
- UAC (User Account Control - Windows) and sudo - Linux are examples of conditional access