
⛔️ Access Controls


Created: 12.10.2020

DAC

I am the leader! I’m the one that says when we go.


A user who owns a file or another object defines who can and who cannot view it. It's not safe, but it is easier to implement.

MAC

ChatGPT dump and

A. Discretionary Access Control (DAC):

Discretionary Access Control is an access control model where the owner of a resource has full control over granting or restricting access permissions to that resource. In DAC, the owner can decide who can access the resource and what actions they can perform on it (e.g., read, write, or execute).

Example: The NTFS file system, used in Windows operating systems, supports DAC. In NTFS, a file or folder owner can grant or deny access to specific users or groups, allowing them to read, write, or modify the file/folder according to their needs.

B. Access Control List (ACL):

Access Control List is a mechanism that allows administrators to define granular permissions for resources. ACLs contain a set of rules specifying which users or groups are allowed or denied access to a particular resource and the level of access they have.

Example: Both NTFS (Windows) and HFS+ (macOS) file systems use ACLs to manage access permissions for files and folders. In these systems, administrators can create ACLs to define the allowed and denied permissions for individual users and groups.

C. Mandatory Access Control (MAC):

Mandatory Access Control is a security model that enforces access restrictions based on predefined security policies. In MAC, access permissions are determined by the system, rather than the resource owner, and are usually based on security labels or classifications.

Example: The SELinux (Security-Enhanced Linux) system, used in some Linux distributions, implements a form of MAC. In SELinux, resources (e.g., files, directories) are assigned security labels, and users/processes have security clearances. Access is only granted if the user/process security clearance matches or exceeds the security label of the resource.

D. Role-Based Access Control (RBAC):

Role-Based Access Control is an access control model where permissions are assigned to roles rather than individual users. Users are then assigned to these roles, which grants them the permissions associated with those roles. RBAC simplifies access management by allowing administrators to manage permissions at the role level rather than dealing with individual users.

Example: While RBAC is not tied to a specific file system, it is often used in various applications and systems. For instance, in a Content Management System (CMS), users might be assigned to roles such as “Editor,” “Author,” or “Administrator,” each with different levels of access to the system’s resources.
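The models in A through D can be compared as decision functions over the same request. The Python sketch below is an added example, not code from the original page; the user names, label levels, permission names and the rule that an explicit deny beats an allow are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # constructed label ordering

@dataclass
class Resource:
    owner: str
    label: str                               # MAC label: set by policy, not by the owner
    acl: dict = field(default_factory=dict)  # user -> {"allow": set(), "deny": set()}

def dac_set(res, actor, user, allow=(), deny=()):
    """DAC: only the owner may edit the resource's ACL."""
    if actor != res.owner:
        raise PermissionError(f"{actor} is not the owner")
    entry = res.acl.setdefault(user, {"allow": set(), "deny": set()})
    entry["allow"] |= set(allow)
    entry["deny"] |= set(deny)

def acl_allows(res, user, perm):
    """ACL check: owner has full control; deny beats allow (assumed); default is no access."""
    if user == res.owner:
        return True
    entry = res.acl.get(user, {"allow": set(), "deny": set()})
    return perm in entry["allow"] and perm not in entry["deny"]

def mac_allows(clearances, res, user):
    """MAC: clearance must match or exceed the label, whatever the owner granted."""
    return LEVELS[clearances.get(user, "public")] >= LEVELS[res.label]

def rbac_allows(role_perms, user_roles, user, perm):
    """RBAC: a user holds a permission only through a role they are assigned to."""
    return any(perm in role_perms.get(r, ()) for r in user_roles.get(user, ()))

def demo():
    report = Resource(owner="alice", label="secret")
    clearances = {"alice": "secret", "bob": "confidential"}  # constructed sample data
    dac_set(report, "alice", "bob", allow={"read", "write"}, deny={"write"})
    role_perms = {"Author": {"draft"}, "Editor": {"draft", "publish"},
                  "Administrator": {"draft", "publish", "manage_users"}}
    user_roles = {"bob": ["Author"], "carol": ["Editor"]}
    dac_read = acl_allows(report, "bob", "read")     # the owner granted it
    mac_ok = mac_allows(clearances, report, "bob")   # confidential is below secret
    return {"dac_bob_read": dac_read, "mac_bob": mac_ok,
            "dac_bob_write": acl_allows(report, "bob", "write"),  # deny entry wins
            "both_bob_read": dac_read and mac_ok,    # MAC layered on top of DAC
            "rbac_bob_publish": rbac_allows(role_perms, user_roles, "bob", "publish"),
            "rbac_carol_publish": rbac_allows(role_perms, user_roles, "carol", "publish")}

if __name__ == "__main__":
    print(demo())
```

The `both_bob_read` result is the point of the comparison: the owner's grant passes the DAC check, but the system-enforced label check still refuses the request.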

Zero Trust

All users, regardless of their location and the network they use, are assumed to be hostile. Thus the user is authenticated and authorised each time they require access to a resource.