Your organization uses both the users location and the time of a day when assessing a connection request.
What type of access control model is this?
This is an example of attribute-based access control (ABAC). In this model, attributes and their combinations are used to control access. There are several classes of attributes that might be included:
– Environmental attributes – items such as location, time of day
– Object attributes – object type (medical record, bank account)
– Subject attributes – age, clearance, department, role, job title
– Action attribute – read, delete, view, approve
Role-based access control (RBAC) provides a specific set of rights and permission based on the job role assigned to the user.
Discretionary access control (DAC) prescribes that the owner of an asset (data) decides the sensitively of the resource and who has access.
Mandatory access control (MAC) creates clearance levels and assigns clearance levels to data assets and to users. Subjects (users) can only access levels to which they have been given clearance and those below.
Objective: Security Concepts
Sub-Objective: Compare and contrast these access control models: Discretionary access control, mandatory access control, Nondiscretionary access control