Access Control Models
This page is under construction. There is the possibility that the information below is false or incomplete.
Comparing Permissions, Rights, and Privileges
In general, permissions refer to the access granted for an object and determine what you can do with it. If you have read permission for a file ...
A right primarily refers to the ability to take an action ...
Privileges are the combination of rights and permissions. For example, an ...
A basic principle of access control is implicit deny, and most authorization mechanisms use it: anything not explicitly granted is denied.
An access control matrix is a table that includes subjects, objects, and assigned privileges.
Capability tables are another way to identify privileges assigned to subjects.
Content-dependent access controls restrict access to data based on the content within an object.
Context-dependent access controls require specific activity before granting users access.
The need-to-know principle ensures that subjects are granted access only to what they need to know for their work tasks and job functions.
The principle of least privilege ensures that subjects are granted only the privileges they need to perform their work tasks and job functions.
System of checks and balances.
Discretionary Access Control
SharePoint is an example of Discretionary Access Control (DAC).
Role-Based Access Control
User groups (e.g. SharePoint Administrator, Administrator, user) are an example of Role-Based Access Control (RBAC).
Role-Based Access Control (RBAC) matrices, as a security architecture concept, are a way of representing access control strategies visually. They help the practitioner ensure that the access control strategy aligns with the specific access control objectives. Matrices also help show when access controls may conflict with job roles and responsibilities.
When designing an RBAC matrix there are a few questions to think about and objectives to achieve.
- Ensure individuals have access to necessary information for their job role
- Maintain the Fundamental Security Design Principle of least privilege
- Who should not have permission?
Access Control Matrix Examples
Example matrix (the extracted table lost its cell values). Role descriptions: Access and modify personnel records; IT Help Desk; Makes business plans, policy, and strategy; Review files, logs, and security practices. Permission columns: View, Modify, Delete.
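An added example (not from the original page) that puts the ideas above into code: an access control matrix with implicit deny, the ACL and capability-table views derived from it, and a least-privilege check that reports where a role holds more than its job function needs. All role, object, and permission names are constructed for illustration.

```python
from collections import defaultdict

# Access control matrix: subject (role) -> object -> set of granted permissions.
# Anything not listed is implicitly denied. Names are constructed sample data.
MATRIX = {
    "hr":        {"personnel_records": {"view", "modify", "delete"}},
    "help_desk": {"tickets": {"view", "modify"}, "personnel_records": {"view"}},
    "executive": {"business_plans": {"view", "modify", "delete"}},
    "auditor":   {"logs": {"view"}, "personnel_records": {"view"}},
}

def is_allowed(matrix, subject, obj, perm):
    """Implicit deny: an unknown subject, object, or permission all evaluate to False."""
    return perm in matrix.get(subject, {}).get(obj, set())

def access_control_list(matrix, obj):
    """ACL view (one column of the matrix): which subjects may act on this object, and how."""
    return {s: sorted(objs[obj]) for s, objs in matrix.items() if obj in objs}

def capability_table(matrix, subject):
    """Capability view (one row of the matrix): which objects this subject may act on, and how."""
    return {o: sorted(p) for o, p in matrix.get(subject, {}).items()}

def least_privilege_violations(matrix, required):
    """Compare granted privileges with the job-function baseline and return the excess.
    `required` has the same shape as the matrix: role -> object -> needed permissions."""
    excess = defaultdict(dict)
    for subject, objs in matrix.items():
        for obj, perms in objs.items():
            extra = perms - required.get(subject, {}).get(obj, set())
            if extra:
                excess[subject][obj] = sorted(extra)
    return dict(excess)

# Constructed baseline: the help desk does not need to read personnel records.
REQUIRED = {
    "hr":        {"personnel_records": {"view", "modify", "delete"}},
    "help_desk": {"tickets": {"view", "modify"}},
    "executive": {"business_plans": {"view", "modify", "delete"}},
    "auditor":   {"logs": {"view"}, "personnel_records": {"view"}},
}

if __name__ == "__main__":
    print(is_allowed(MATRIX, "help_desk", "logs", "view"))   # False: implicit deny
    print(access_control_list(MATRIX, "personnel_records"))  # ACL for one object
    print(capability_table(MATRIX, "auditor"))               # capabilities of one role
    print(least_privilege_violations(MATRIX, REQUIRED))      # {'help_desk': {'personnel_records': ['view']}}
```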
Rule-Based Access Control
Access Control Lists (ACLs) within firewalls are an example of Rule-Based Access Control.
Attribute Based Access Control
Locking down remote access to a specific IP is an example of Attribute Based Access Control (ABAC). The rule usually takes the form: if this "attribute" is true, then grant access; otherwise deny.
Mandatory Access Control
Military classifications like CONFIDENTIAL, SECRET, and TOP SECRET are examples of Mandatory Access Control (MAC).