Activity 4.4 - Identify Strategies Of Access Control

Role-based Access Control (RBAC) is a strategy that determines access to resources based on job functions or roles within an organization. It assigns permissions to roles rather than individual users, making it easier to manage and enforce access control policies. RBAC allows for efficient administration by granting or revoking access based on changes in job roles, simplifying the process of granting appropriate access to users. This strategy ensures that users only have access to the resources necessary for their job functions, reducing the risk of unauthorized access and potential security breaches.

Rule-based Access Control (RBAC) is a strategy based on access control lists that allows access to resources based on a set of predefined rules. RBAC defines roles and assigns permissions to those roles, rather than assigning permissions directly to individual users. This approach simplifies the management of access control by grouping users into roles and applying rules consistently across the organization. RBAC ensures that users are granted access to resources based on their role and the rules associated with that role, providing a more structured and scalable approach to access control.

Discretionary Access Control is a strategy that allows the owner of an object to determine which subjects can access that object and what specific access they may use. Unlike Mandatory Access Control, where access is determined by a central authority, Discretionary Access Control gives the owner the discretion to grant or deny access based on their own criteria. This means that the owner has control over who can access their object and can tailor the access permissions to suit their needs.

Mandatory Access Control (MAC) is a strategy that determines access to resources based on the security classification of the object and the label attached to the user. In MAC, access decisions are made by the system based on predefined rules and policies, rather than by the discretion of the user or the owner of the resource. This ensures a higher level of security and prevents unauthorized access to sensitive information.

Role-based Access Control (RBAC) is a strategy that is helpful in large organizations with hundreds of users and thousands of possible permissions. RBAC allows access to be granted based on the roles that individuals hold within an organization. This means that permissions are assigned to roles rather than to individual users. This approach simplifies the management of access control by allowing administrators to define roles and assign permissions to those roles, rather than having to assign permissions to each individual user. RBAC also allows for easy scalability as new users can be assigned to existing roles, and new roles can be created as needed.

Mandatory Access Control (MAC) is a strategy that uses security labels such as top secret, secret, confidential, and unclassified to control access to resources. In MAC, access decisions are based on the security classification of the resource and the security clearance of the user. This means that access is determined by a set of predefined rules and policies, rather than by the discretion of the resource owner or user. MAC is commonly used in environments where strict access control is necessary, such as government or military organizations.