Types of Role-Based Access Control
SailPoint IdentityIQ is an identity and access management (IAM) platform that helps organizations manage user access to applications and data. SailPoint Tutorials covers all the topics of identity management software that provides access governance and identity management for enterprises. Getting of Sailpoint Certification can help you to get opportunities in renowned companies.
There are two types of role-based access control:
- Discretionary access control (DAC):
Discretionary access control is a type of access control where the permissions are set by the owner of the resource. The owner can give different levels of access to different users based on their need to access the resource. For example, a file owner can give read, write, or execute permissions to different users.
Discretionary access control (DAC) is a type of security model that gives users discretionary control over who can access which resources. DAC is usually implemented through permissions and access control lists (ACLs). DAC is often contrasted with mandatory access control (MAC), which gives administrators more control over what users can access.
However, DAC can be seen as a more flexible form of security, since it allows users to control access to their own resources. DAC is a common security model in operating systems, databases, and applications. It is also sometimes used in physical security systems.
- Mandatory access control (MAC):
Mandatory access control is a type of access control where the permissions are set by a central authority. The central authority defines the rules for how the resource can be accessed and by whom. For example, a company may have a rule that only certain employees can access certain files.
In computer security, mandatory access control (MAC) refers to a type of access control by which access to resources or data is restricted by a security policy to only those users who have been granted explicit permission by a security administrator. MAC is typically enforced by hardware and software mechanisms that control how subjects can access objects. The term “mandatory” in this context means that all subjects must comply with the access control policy; there is no way to bypass the policy.