Mandatory, Discretionary, Role and Rule Based Access Control

From Techotopia
Revision as of 16:04, 7 February 2008 by Neil

One of the key foundations of a comprehensive IT security strategy involves implementing an appropriate level of access control to all computer systems in an organization or enterprise. In this chapter of Security+ Essentials we will provide an overview of the four types of access control that must be understood to achieve CompTIA Security+ certification:

  • Mandatory Access Control
  • Discretionary Access Control
  • Rule-Based Access Control
  • Role-Based Access Control

An Overview of Access Control

The term Access Control is somewhat ambiguous. To some it could be interpreted as controlling access to a system from an external source (for example, controlling the login process via which users gain access to a server). In fact, such access control is referred to as Authentication or Identity Verification (which is covered in the Authentication and Identity Verification chapter of this book).

The term Access Control actually refers to the control over access to system resources after a user's account and identity have been authenticated and access to the system has been granted. For example, a particular user, or group of users, might only be permitted access to certain files after logging into a system while being denied access to all other resources.
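
The two stages described above can be kept as separate checks, as in the following added example (not part of the original chapter). The account names, groups, file paths and the "u:"/"g:" ACL notation are constructed for illustration.

```python
import hashlib
import hmac
import os

def _kdf(password, salt):
    # Salted, slow password hash from the standard library.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _account(password, groups):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _kdf(password, salt), "groups": set(groups)}

# Constructed sample data: two accounts and their group membership.
ACCOUNTS = {
    "alice": _account("correct horse", ["finance"]),
    "bob": _account("battery staple", ["engineering"]),
}

# Constructed ACLs: each entry names a user ("u:") or group ("g:")
# and the operations that principal may perform on the file.
ACLS = {
    "/srv/payroll.csv": {"g:finance": {"read"}, "u:alice": {"read", "write"}},
    "/srv/design.doc": {"g:engineering": {"read", "write"}},
}

def authenticate(user, password):
    """Stage 1, identity verification: return a session or None."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return None
    if not hmac.compare_digest(_kdf(password, acct["salt"]), acct["hash"]):
        return None
    return {"user": user, "groups": acct["groups"]}

def authorize(session, resource, op):
    """Stage 2, access control: default deny, evaluated per resource."""
    if session is None:          # never authorize an unauthenticated caller
        return False
    acl = ACLS.get(resource, {})  # a file with no ACL grants nothing
    principals = ["u:" + session["user"]]
    principals += ["g:" + g for g in session["groups"]]
    return any(op in acl.get(p, set()) for p in principals)

if __name__ == "__main__":
    s = authenticate("bob", "battery staple")
    print(authorize(s, "/srv/design.doc", "read"))   # logged in and permitted
    print(authorize(s, "/srv/payroll.csv", "read"))  # logged in but denied
```

A successful login only produces a session; every request for a file is then checked against that file's ACL, and anything not explicitly granted is denied.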