What is Access Control ?
All users may not have permission to access all the resources in a system or network. A system should be able to allow or deny access to certain resources based on identity or role of the user or the group the user belongs to. This can be managed using access control. Access control is the selective restriction of access to a resource based on authenticated identity of the user or the properties of the request.
Access control deals with controlling the access to a resource after a user has provided his credentials and the identity is verified. To give an example, a user or a group of users may have permission to access only a certain set of resources and may be restricted from the rest. It can be managed using access control.
Types of Access Control
Access to resources can be enforced through many types of controls :
- Mandatory Access Control or MAC
- Discretionary Access Control or DAC
- Role Based Access Control or RBAC
- Rule Based Access Control or RAC
- Attribute Based Access Control or ABAC
- History Based Access Control or HBAC
- Identity Based Access Control or IBAC
Mandatory Access Control or MAC
In Mandatory Access Control or MAC, all access to resources are strictly controlled by the Operating System based on settings provided by the system administrator. In this type of access control, security labels are assigned to each resource on a system. This security labels can contain information on classification of the resource (top secret, confidential, public etc) and to whom the resource is available. Similarly, each user is also associated with a classification based on his role, identity,