Access control is a security measure that verifies user identities through various credentials and authorizes access based on those credentials. There are four main types of access control: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC), each suited for different security needs. Organizations choose the appropriate model based on their specific security and compliance requirements.
Access control identifies users by verifying various login credentials, which can include usernames and passwords, PINs, biometric scans, and security tokens. Many access control systems also include multifactor authentication (MFA), a method that requires multiple authentication methods to verify a user’s identity. Once a user is authenticated, access control then authorizes the appropriate level of access and allowed actions associated with that user’s credentials and IP address.

There are four main types of access control. Organizations typically choose the method that makes the most sense based on their unique security and compliance requirements. The four access control models are:

1. Discretionary access control (DAC): In this method, the owner or administrator of the protected system, data, or resource sets the policies for who is allowed access.
2. Mandatory access control (MAC): In this nondiscretionary model, people are granted access based on an information clearance. A central authority regulates access rights based on different security levels. This model is common in government and military environments.
3. Role-based access control (RBAC): RBAC grants access based on defined business functions rather than the individual user’s identity. The goal is to provide users with access only to data that’s been deemed necessary for their roles within the organization. This widely used method is based on a complex combination of role assignments, authorizations, and permissions.
4. Attribute-based access control (ABAC): In this dynamic method, access is based on a set of attributes and environmental conditions, such as time of day and location, assigned to both users and resources.
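
The following Python sketch is an added example, not part of the original page: it evaluates one read request under each of the four models so the differences in who decides, and on what basis, are visible side by side. All user, resource, role, and label names, and the office-hours rule, are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

# Constructed sample policy data; every name here is hypothetical.
LEVELS = {"public": 0, "confidential": 1, "secret": 2}      # MAC security levels
ROLE_PERMS = {"payroll_clerk": {("payroll.csv", "read")}}   # RBAC: role -> permissions

@dataclass
class User:
    name: str
    clearance: str = "public"
    roles: set = field(default_factory=set)
    location: str = "office"

@dataclass
class Resource:
    name: str
    owner: str
    label: str = "public"
    acl: set = field(default_factory=set)   # DAC: users the owner has granted access

def dac_allows(user, res):
    # DAC: the resource owner decides, here through a per-resource ACL.
    return user.name == res.owner or user.name in res.acl

def mac_allows(user, res):
    # MAC: a central authority compares clearance with the resource's level.
    return LEVELS[user.clearance] >= LEVELS[res.label]

def rbac_allows(user, res, action):
    # RBAC: permissions attach to roles, never to the individual user.
    return any((res.name, action) in ROLE_PERMS.get(r, ()) for r in user.roles)

def abac_allows(user, res, action, now):
    # ABAC: user, resource, and environment attributes are evaluated together.
    return (action == "read" and "payroll_clerk" in user.roles
            and res.label != "secret" and user.location == "office"
            and time(8, 0) <= now <= time(18, 0))

def decide_all(user, res, action, now):
    return {"DAC": dac_allows(user, res), "MAC": mac_allows(user, res),
            "RBAC": rbac_allows(user, res, action),
            "ABAC": abac_allows(user, res, action, now)}

payroll = Resource("payroll.csv", owner="alice", label="confidential", acl={"bob"})
bob = User("bob", clearance="public", roles={"payroll_clerk"})

if __name__ == "__main__":
    print(decide_all(bob, payroll, "read", time(10, 0)))
    print(decide_all(bob, payroll, "read", time(22, 0)))
```

For the same user and file, the owner's ACL and the role assignment both permit the read, the clearance check denies it, and the attribute check flips from allow to deny once the request falls outside the constructed office hours.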