Discretionary Access Control

STUDY
PLAY
Mechanisms to control what respuces users can access
What is Access Control?
Discretionary Access Control, Role Based and Mandatory Access Control
What are the 3 types of Access Control?
Discretionary Access Control (DAC)
"In _____ an entity may be granted access rights that permit the entity, if they choose to do so,
to enable another entity to access a resource."
TRUE. Yes, D.A.C is a common access control scheme in operating systems and database management systems.
(T/F) "D.A.C is a common access control scheme in operating systems and database management systems."
An Access Matrix specifies access rights of subjects on objects.
What does an "Access Matrix" do?
Access Control List (ACL) or Capability List.
Because in practice an Access Matrix is sparse, it should implemented in one of two ways, an ______ list or ______ list.
Access Control List for each object list subjects and their access rights.
Explain an Access Control List:
Capability List for each subject, list objects and the rights the subject has on that object.
Explain a Capability List:
Alternative Implementation is the authorization table listing subject, access mode and object.
What is Alternative Implementation?
TRUE. Yes, Alternative Implementation is easily implemented in the database.
(T/F) "Alternative Implementation is easily implemented in the database."
In Role Based Access Control users are assigned to roles; access rights are assigned to roles.
Explain Role Based Access Control:
Roles are typically job functions and positions within the organization.
What are roles?
Static or Dynamic.
Users may be assigned multiple roles, _____ or ______.
Temporary assignments of user to roles.
In Role Based Access Control, what are Sessions?
An Access Control Matrix can map users to roles and roles to objects.
What can an Access Control matrix do?
YOU MIGHT ALSO LIKE...