Mark works as a Network Administrator for NetTech Inc.
He wants users to access only those resources that are required for them.
Which of the following access control models will he use?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
Mark's goal is to ensure that users can only access resources that they need to perform their jobs, and to prevent unauthorized access to sensitive information. To achieve this, he needs to implement an appropriate access control model.
There are four primary access control models to choose from: Discretionary Access Control (DAC), Mandatory Access Control (MAC), Policy Access Control (PAC), and Role-Based Access Control (RBAC). Let's take a closer look at each of them:
Discretionary Access Control (DAC): In a DAC system, the owner of a resource has complete control over who can access it. This means that users are granted permissions to access resources based on the discretion of the resource owner. For example, a file owner can decide who can read, write, or delete the file.
Mandatory Access Control (MAC): In a MAC system, access to resources is determined by the security level assigned to the resource and the security clearance of the user. This means that users are granted permissions to access resources based on the security policies defined by the system administrator.
Policy Access Control (PAC): In a PAC system, access to resources is determined by a set of rules or policies that define who can access what resources. These policies are usually defined by a central policy administrator and can be based on user roles, job functions, or other factors.
Role-Based Access Control (RBAC): In an RBAC system, access to resources is determined by the role or job function of the user. Users are assigned to specific roles, and each role is granted permissions to access certain resources based on the requirements of the job function.
Given Mark's goal, the best access control model for him to use would be Role-Based Access Control (RBAC). In an RBAC system, users are only granted access to the resources that they need to perform their job functions. This ensures that users cannot access resources that are not required for their job and helps to prevent unauthorized access to sensitive information.
Therefore, the correct answer is D - Role-Based Access Control (RBAC).