What is the difference between discretionary and mandatory access control?




















The rules and restrictions are set personally by the admin and are strictly followed. It is confidential and secure, as projects and tasks are carried out with the utmost privacy and secrecy. It is the best system to prevent losses and illegal access to data. The security system identifies the user and his position so that it grants only the required and appropriate access to data.

It is difficult to maintain, as the administrator is the only one who can access the database and has to constantly check the processes to make sure they are being done without any hurdles or confusion.

MAC depends on manual scaling, and this is a demerit as it becomes laborious for the administrator to handle and manage the data.

DAC is an identity-based model of access control. The admin or the owner has the privilege of assigning access to individuals based on their position in the organization, or of creating groups of users who hold the same position and granting them access to different levels of data.

It is flexible, reduces the responsibilities and tasks of the administrators, and does not put much burden on them. Due to these factors, it is not ideal for organizations that deal with sensitive and personal data. It is the best option for startups and IT organizations with a small number of employees, as it is best suited to their purposes and levels of security.

It has extremely good flexibility, scalability, and simplicity. As the owner of the resource has full control, one slip from him can give full control to others.

In MAC, access is determined by the system, not by the owner.

Systems that contain highly sensitive data, such as government or military systems, use this access control type. In this control, all users (subjects) and resources should have a label assigned to them. It is a security label and specifies the level of trust. To access a resource, the user must have a sensitivity level equal to or higher than the level of the required resource.

For example, if the user requires access to a secret file, he should have a secret clearance or a higher clearance to access the resource.

DAC is a type of access control in which the owner of a resource restricts access to the resource based on the identity of the users.

MAC is a type of access control that restricts access to resources based on the clearance of the subjects. In DAC, the resource owner determines who can access the resource and what privileges they have. MAC provides access to users depending on their clearance level.

Mandatory Access Control

An additional security policy that classifies the user and data based on security classes is called MAC.

Each subject and object is labelled with a security label. It is less labour intensive and flexible as compared to DAC. MAC-based commercial systems are Trusted Solaris and SELinux. The disadvantage is that they are too strict, in that they need a firm classification of subjects and objects into security levels, and hence they are not applicable to various environments.
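The contrast described above, as an added example that is not part of the original page: a DAC resource whose owner hands out privileges by identity, beside a MAC check that compares system-assigned labels. The names (`Level`, `DacResource`, `MacPolicy`, the users and `plan.txt`) and the delegable "grant" privilege are assumptions made for illustration; only the page's rule (clearance equal to or higher than the resource's level) is implemented.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):
    """Constructed sensitivity labels, ordered from lowest to highest."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

@dataclass
class DacResource:
    """DAC: the owner decides who gets which privilege, per identity."""
    owner: str
    acl: dict = field(default_factory=dict)  # user -> set of privileges

    def grant(self, actor, user, privilege):
        # The owner, or anyone the owner delegated "grant" to, may extend access.
        if actor != self.owner and "grant" not in self.acl.get(actor, set()):
            raise PermissionError(f"{actor} may not grant access")
        self.acl.setdefault(user, set()).add(privilege)

    def allowed(self, user, privilege):
        return user == self.owner or privilege in self.acl.get(user, set())

class MacPolicy:
    """MAC: the system compares labels; owners cannot change the outcome."""
    def __init__(self, clearances, labels):
        self._clearances = dict(clearances)  # subject -> Level
        self._labels = dict(labels)          # resource -> Level

    def allowed(self, subject, resource):
        # Fail closed: a missing label on either side means no access.
        if subject not in self._clearances or resource not in self._labels:
            return False
        return self._clearances[subject] >= self._labels[resource]

def demo():
    # Constructed users and labels, for illustration only.
    doc = DacResource(owner="alice")
    doc.grant("alice", "bob", "grant")  # one slip by the owner...
    doc.grant("bob", "dave", "read")    # ...and bob can now admit others
    mac = MacPolicy(
        {"alice": Level.TOP_SECRET, "bob": Level.CONFIDENTIAL, "carol": Level.SECRET},
        {"plan.txt": Level.SECRET},
    )
    return {
        "dac_dave_read": doc.allowed("dave", "read"),
        "mac": {u: mac.allowed(u, "plan.txt") for u in ("alice", "bob", "carol", "dave")},
    }
```

In the DAC half, access spreads as far as the owner's delegations allow; in the MAC half, the unlabelled user is denied outright and no grant by a resource owner changes the result.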
