Discretionary Access Control (DAC)

A systems administrator needs to implement an access control scheme that will allow an object's access policy to be determined by its owner.

Which of the following access control schemes BEST fits the requirements?

A.

Role-based access control

B.

Discretionary access control

C.

Mandatory access control

D.

Attribute-based access control.

B.

The access control scheme that BEST fits the requirement of allowing an object's access policy to be determined by its owner is Discretionary Access Control (DAC), option B.

Discretionary Access Control (DAC) is a type of access control model that allows the owner of an object (such as a file, folder, or resource) to determine who has access to that object and what level of access they have. In a DAC model, the owner of an object can grant or restrict access to the object as they see fit.

The other access control models are:

• Role-based access control (RBAC) is a type of access control model that assigns permissions to users based on their role or job function within an organization. RBAC does not allow the owner of an object to determine its access policy.
• Mandatory Access Control (MAC) is a type of access control model that is typically used in government or military settings. In a MAC model, access to objects is determined by a set of predefined rules or policies, rather than by the object's owner.
• Attribute-based access control (ABAC) is a type of access control model that determines access based on a set of attributes or characteristics of the user, the object being accessed, and the environment in which the access request is made. ABAC does not allow the owner of an object to determine its access policy.

Therefore, out of the four access control schemes listed, Discretionary Access Control (DAC) is the one that allows the owner of an object to determine its access policy and is the best fit for the given requirements.