Data access controls are established to control how subjects can access data, what they can access, and what they can do with it once accessed. Three primary types of access control are discussed in this section.
Mandatory Access Control (MAC)
- Authorization of a user’s access to an object depends on labels (sensitivity levels), which indicate the user’s clearance.
- Every object is assigned a sensitivity level/label and only users authorized up to that particular level can access the object.
- Only a manager may change the category of a resource
Discretionary Access Control (DAC)
- Owner of the resource has authority to determine who gains access.
- This includes setting of permissions on files, folders, and shared resources.
- Not automatically applied by the OS/NOS
Role-Based Access Control (RBAC)
- Users are assigned permissions based on their role (or roles) in the organization
- Assignment of user rights is simply assigning the appropriate roles to the user
Source: Wikipedia
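The three models above differ in who makes the access decision, which is easiest to see when each one is evaluated in code. The following is an added example, not part of the original notes; the label names, users, roles and permission strings are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sensitivity labels, lowest to highest (names are assumptions).
LEVELS = {"public": 0, "confidential": 1, "secret": 2}

def mac_allows(clearance: str, label: str) -> bool:
    """MAC: the system compares the subject's clearance with the object's label."""
    return LEVELS[clearance] >= LEVELS[label]

@dataclass
class DacResource:
    """DAC: the owner decides who gets which permission."""
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

    def grant(self, granter: str, user: str, perm: str) -> bool:
        if granter != self.owner:             # only the owner may change the ACL
            return False
        self.acl.setdefault(user, set()).add(perm)
        return True

    def allows(self, user: str, perm: str) -> bool:
        return user == self.owner or perm in self.acl.get(user, set())

# RBAC: permissions hang off roles; users only ever receive roles.
ROLE_PERMS = {"auditor": {"report:read"}, "finance": {"report:read", "report:write"}}

def rbac_allows(user_roles: set, perm: str) -> bool:
    return any(perm in ROLE_PERMS.get(role, set()) for role in user_roles)

def evaluate_all() -> dict:
    """Constructed scenario: the same kind of request under each model."""
    report = DacResource(owner="alice")
    results = {
        "mac_confidential_reads_secret": mac_allows("confidential", "secret"),
        "mac_secret_reads_confidential": mac_allows("secret", "confidential"),
        "dac_before_grant": report.allows("bob", "read"),
        "dac_non_owner_grant": report.grant("bob", "bob", "read"),
        "dac_owner_grant": report.grant("alice", "bob", "read"),
    }
    results["dac_after_grant"] = report.allows("bob", "read")
    results["rbac_auditor_write"] = rbac_allows({"auditor"}, "report:write")
    results["rbac_auditor_plus_finance_write"] = rbac_allows({"auditor", "finance"}, "report:write")
    return results

if __name__ == "__main__":
    for check, allowed in evaluate_all().items():
        print(f"{check}: {allowed}")
```

In the MAC check no user action can change the outcome, in the DAC check the owner's grant flips it, and in the RBAC check only a role assignment does.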