Access Control

Access Control is using security techniques to protect a system against unauthorized access

Attribute-based Access Control (ABAC)

Access based on attributes

• User attributes
• Object attributes
• Environment conditions

Discretionary Access Control (DAC)

Access based on owner decision - This modal uses an Access Control List (ACL) authorization (ACL is used it to determine who can access resources)

• The data owner of an organization determines the level of access

Graph-based Access Control (GBAC)

Access based on how data relates to other data

• Using an organizational query language

History-Based Access Control (HBAC)

Access based on real-time evaluation of a history of activities

• A user declined access to sensitive info because of past behavior

Identity-Based Access Control (IBAC)

Access based on the identity of the user (this access is by the individual, not by group)

• A specific user has access to sensitive information

Mandatory Access Control (MAC)

Access based on regulations by a central authority

• A user must demonstrate a need for the information before granting access

Role-Based Access Control (RBAC)

Access based on a user role

• Job title

Rule-Based Access Control (RAC)

Access based on a predefined set of rules or access permissions

• Allowing access to specific IP

Responsibility-Based Access Control (ReBAC)

Access based on the responsibilities assigned to a user or users

• Data engineer has access to a backup management interface

id

e1fa805d-5936-4287-9e6d-2a252840792f

References

• https://en.wikipedia.org/wiki/Access_control