Access Control Systems

In physical security and information security, Access Control (AC) Systems are the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.

Access Control Types & Purpose

Discretionary access control (DAC)

Discretionary access control (DAC)

Purpose:
> DAC the owner of the company can decide how many people have access to a specific location. Each access control point has a list of authorised users, the system checks the credential against the list and either allows or denies access based on the previously set allowances.

Mandatory Access Control
(MAC)

Purpose:
> Mandatory Access Control (MAC) are the most secure type of access control. Only owners and custodians have access to the systems. All the access control settings are preset by the system administrator and can’t be changed or removed without his or her permission.

Role-Based access control
(RBAC)

Purpose:
> Role-based access control (RBAC) is more popular type of access control. Instead of assigning permissions to individual users like in a MAC system, an RBAC system works by assigning permissions to a specific job title. It cuts down on the time required to set up or change user access.
Rule-based access control (RuBAC)

Rule-Based Access Control
(RuBAC)

Purpose:
> RuBAC allows to manage access to resources or data such as files, devices, or even databases. It’s based on a predefined set of rules or permissions. This is regardless of the role of individuals accessing the files. In this type of access control, rules supersede the access and permissions.