Access Controls - 4.6

Summary

Access controls ensure that only authorized users and processes can access resources, using various models such as Mandatory Access Control (MAC), Discretionary Access Control (DAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) to manage permissions and enforce security policies like least privilege.


Notes:

Access control is the process of ensuring that only authorized users and processes can access resources.

Mandatory Access Control - MAC

  • Access is strictly controlled by an administrator, and users have no ability to alter permissions. Only users explicitly given permission can access the resource. MAC is often used in high-security environments (e.g., military systems).

Discretionary Access Control - DAC

  • The resource owner determines who can access their resource and can delegate access at their discretion. This allows greater flexibility but may result in inconsistent permission management.

Role-Based Access Control - RBAC

  • Permissions are assigned based on predefined roles or groups within the organization (e.g., manager, shipping, finance). Users inherit permissions according to their role, ensuring uniform access levels for similar positions.

Rule-Based Access Control

  • Permissions are defined by an administrator based on pre-set rules (e.g., no network access during certain hours). This provides control over access based on predefined conditions.

Attribute-Based Access Control - ABAC

  • A dynamic system that evaluates multiple attributes (e.g., user role, time, location, and resource sensitivity) to determine access. It allows fine-grained control over access decisions based on real-time contextual data.

Time-of-Day Restrictions

  • Access to resources is restricted based on time, and the restriction may also include geospatial considerations (e.g., only allow access during business hours from specific locations).
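
An added example (not part of the original notes) of the ABAC and time-of-day models described above: a default-deny evaluator that checks role, action, resource sensitivity, location and time for each request. The policy, rule names and attribute values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Request:
    role: str          # subject attribute
    action: str        # requested operation
    sensitivity: str   # resource attribute
    location: str      # environment attribute
    when: datetime     # environment attribute (local time)

# Constructed policy for illustration. None means "attribute not constrained".
POLICY = [
    {"name": "finance-ledger", "roles": {"finance"}, "actions": {"read", "write"},
     "sensitivity": {"confidential"}, "locations": {"hq"},
     "hours": (time(8, 0), time(18, 0)), "weekdays_only": True},
    {"name": "public-read", "roles": {"finance", "manager", "shipping"},
     "actions": {"read"}, "sensitivity": {"public"}, "locations": None,
     "hours": None, "weekdays_only": False},
]

def failed_checks(rule, req):
    """Return the names of the attribute checks this rule fails for the request."""
    failed = []
    if req.role not in rule["roles"]:
        failed.append("role")
    if req.action not in rule["actions"]:
        failed.append("action")
    if req.sensitivity not in rule["sensitivity"]:
        failed.append("sensitivity")
    if rule["locations"] is not None and req.location not in rule["locations"]:
        failed.append("location")
    if rule["hours"] is not None:
        start, end = rule["hours"]
        if not (start <= req.when.time() < end):
            failed.append("time-of-day")
    if rule["weekdays_only"] and req.when.weekday() >= 5:
        failed.append("weekday")
    return failed

def decide(req, policy=POLICY):
    """Default deny: allow only when every check of at least one rule passes."""
    denials = {}
    for rule in policy:
        failed = failed_checks(rule, req)
        if not failed:
            return True, rule["name"]
        denials[rule["name"]] = failed   # kept so a denial can be logged with its cause
    return False, denials
```

On a denial, the second return value maps each rule to the attributes that failed, which is the detail an access log needs to distinguish an after-hours attempt from a wrong-role attempt.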

Least Privilege

  • The principle of least privilege grants users only the minimum permissions necessary to perform their job functions, reducing the risk of unauthorized access or accidental modification of sensitive data.