![]() Users cannot enter into restricted rooms without the permission of the security administrator.MAC does not give flexibility for users to set access rights and object access parameters. It offers a high level of protection to physical assets. ![]() By implementing MAC, enterprises ensure that only authorized people have access to the respective areas. Several large-scale private enterprises would also use MAC to protect the physical assets such as servers, electricity panels and inventories. These organizations can use MAC to ensure that employees only have access privileges to authorized rooms. It is most suitable for government organizations, hospitals, militaries and law enforcement organizations that operate in restricted environments. Organizations that prioritize physical security over operating costs and operational flexibility should use MAC. Security administrators have limited control over how resources or data are shared within the organization. DAC systems lack negative authorization power. It makes restricted areas vulnerable to theft and vandalism. Physical security is the biggest concern with DAC. DAC is responsive to the business needs of an enterprise. Adding and removing users is easy with DAC. It reduces administrative overheads significantly. DAC allows users to configure their access parameters without the need for an administrator. The implementation of DAC is not complex as it allows users to manage their credentials. Pros and Cons of DAC ProsĭAC is a cost-effective access control mechanism. For instance, DAC is not suitable for a hospital that has several restricted areas. Since SMEs often lack a sufficient budget for a dedicated IT helpdesk, they will let users manage their accesses.ĭiscretionary access control may not be suitable for organizations that have several restricted areas within the building. When is Discretionary Access Control Used?ĭiscretionary access control is the most suitable access control mechanism for small and medium-scale enterprises (SMEs) with limited IT staff. This article provides the pros and cons of MAC and DAC and identifies various scenarios and examples where they can be used. When a user attempts to access a room, the security kernel checks the user’s security label and gives access to only rooms the security label entitles them to. Additionally, the security administrator groups the employees based on their roles or other parameters and assigns a security label to them. These may include titles like Restricted (Level 1), Secret (Level 2), and Top Secret (Level 3). With MAC, the security administrator defines the level of restriction using a hierarchy of security labels. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |