h4cker/cheat_sheets/access_control_cheatsheet.md
2024-01-26 11:58:50 -05:00

1.6 KiB

Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC)

Feature DAC MAC RBAC ABAC
Access Control Basis Based on identity of the requester and the discretion of the owner Based on classifications and security clearances Based on roles within an organization Based on attributes (user, resource, environment)
Access Decision Owners of the resource decide who can access it System-enforced, not changeable by users Access based on roles and their permissions Decisions based on a set of policies involving attributes
Flexibility Highly flexible with individualized control Less flexible, focuses on classification levels Moderately flexible, easy to manage Highly flexible and granular
Complexity Can become complex with many users and permissions High, due to strict policy enforcement Medium, depends on roles and permissions setup High, due to complex policy definitions