Mark works as a Network Administrator for NetTech Inc.
He wants users to access only those resources that are required for them.
Which of the following access control models will he use?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Mark wants to ensure that users can access only those resources that are necessary for their job functions. To achieve this goal, he needs to implement an access control model that can effectively manage and enforce access control policies.
Access control models are frameworks that specify how access rights are granted and managed in a system. There are several types of access control models, including Mandatory Access Control (MAC), Role-Based Access Control (RBAC), Discretionary Access Control (DAC), and Policy Access Control.
Mandatory Access Control (MAC) is a highly restrictive access control model that is typically used in environments with high security requirements, such as military and government organizations. In MAC, access decisions are based on a set of predefined rules and policies, and users have very little control over their own access rights. MAC is not a suitable choice for Mark's requirement because he wants users to access only those resources that are required for them, and MAC would not allow such a level of flexibility.
Role-Based Access Control (RBAC) is a popular access control model that is commonly used in enterprise environments. In RBAC, access decisions are based on the roles that users have within the organization. Each role has a set of permissions associated with it, and users are granted access to resources based on their role. RBAC is a suitable choice for Mark's requirement because it allows him to define roles based on job functions and grant access to resources based on those roles.
Discretionary Access Control (DAC) is a flexible access control model that allows users to control access to resources that they own. In DAC, access decisions are based on the discretion of the resource owner. DAC is not a suitable choice for Mark's requirement because he wants to ensure that users can access only those resources that are necessary for their job functions, and DAC would not provide that level of control.
Policy Access Control is not a recognized access control model in the industry, so it is not a suitable choice for Mark's requirement.
In conclusion, the best access control model for Mark's requirement would be Role-Based Access Control (RBAC). With RBAC, he can define roles based on job functions and grant access to resources based on those roles, thus ensuring that users can access only those resources that are required for them.