Rows in Access Control Matrix
ahmedshetta
Registered Users Posts: 4
in SSCP
I was solving some quizzes in Transcender, and I found the following question:
You are examining an access control matrix for your organization. Which entity corresponds to a row in the matrix?
1-object
2-subject
3-capability
4-ACL
So I chose subject, but when I checked the answer I found it was "capability". Then I checked a book called Data Protection from Insider Threats, and they mentioned clearly that each row is labeled by a subject and each column is represented by an object.
So guys, suggest to me which answer is correct?
Comments
-
OctalDump Member Posts: 1,722
I'm leaning towards either the question is wrong and they meant the HRU Capability Table and not Access Control Matrix, or the answer is wrong and they meant subject.
The only problem I have is that a row, a whole role, in an ACM describes the capabilities (access rights) that a subject has on objects, but I'm not 100% confident that statement is using the right words as far as CISSP is concerned.
2017 Goals - Something Cisco, Something Linux, Agile PM
-
sydneysundar Member Posts: 19
I would have been wrong as well... To be honest, I can understand why it is capability, but that's after looking at the answer! I would have chosen object, as most of the role-based access matrices are tied to objects.
-
barman Member Posts: 38
ahmedshetta wrote: »
I was solving some quizzes in Transcender, and I found the following question:
You are examining an access control matrix for your organization. Which entity corresponds to a row in the matrix?
1-object
2-subject
3-capability
4-ACL
So I chose subject, but when I checked the answer I found it was "capability". Then I checked a book called Data Protection from Insider Threats, and they mentioned clearly that each row is labeled by a subject and each column is represented by an object.
So guys, suggest to me which answer is correct?

There are two good answers that I know of:
1) The long answer: In a (naive) access control matrix, a row represents the user (a subject) and a column represents the resource you access (an object). Each index inside the matrix represents the capability of that user. That is, what he is authorized to do. That's his capability for each of the resources available in that matrix. See http://www.cl.cam.ac.uk/~rja14/Papers/SEv2-c04.pdf page 4 (96) and 11 (103).
2) The short answer: This is an English test, mostly "entity" comes from "entitlement". Entitlements are rights/privileges/capabilities, hence the entity that corresponds to a row is simply his capability (it's the same word for CBK). Look for Larry Greenblatt's CISSP beta course on YouTube and hear his very useful advice. "This is an English test. Read like a lawyer". Good luck.
-
OctalDump Member Posts: 1,722
This is an English test, mostly "entity" comes from "entitlement".
Actually those two words have almost nothing to do with each other. Entity is a thing which exists, deriving from the verb "to be". Entitlement, the root word there is "title". So, whilst entities can have entitlements, it's an accident that the words look similar.
Basically, the question is asking "A row in the access control matrix corresponds to which one of these things?" So the answer would be along the lines of "A row in the access control matrix corresponds to a subject" or "A row in the access control matrix corresponds to a capability". If you put it into these terms, it isn't quite right to say capability, because it is a cell which corresponds to 'capability' or capabilities. The whole row is a set or group of capabilities of a subject on one or more objects.
So, if you use the English test method, I think you still end up concluding the test isn't quite right.
2017 Goals - Something Cisco, Something Linux, Agile PM
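
The matrix this thread is about, as an added example that is not part of any post: rows are labeled by subjects, columns by objects, and each cell holds rights, so reading one row gives that subject's capability list and reading one column gives that object's ACL. All subject, object and right names are constructed sample data.

```python
"""Access control matrix: rows are subjects, columns are objects.

All subject, object and right names below are constructed sample data.
"""

# Sparse matrix: (subject, object) -> set of rights. A missing cell means no access.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "audit.log"): {"read"},
    ("bob", "payroll.db"): {"read"},
    ("backup_svc", "payroll.db"): {"read"},
    ("backup_svc", "audit.log"): {"read", "append"},
}


def capability_list(matrix, subject):
    """Row slice: everything one subject may do, keyed by object."""
    return {obj: set(rights) for (subj, obj), rights in matrix.items()
            if subj == subject and rights}


def acl(matrix, obj):
    """Column slice: everyone who may touch one object, keyed by subject."""
    return {subj: set(rights) for (subj, o), rights in matrix.items()
            if o == obj and rights}


def check(matrix, subject, obj, right):
    """Access decision for one cell: default deny when the cell is missing."""
    return right in matrix.get((subject, obj), set())


def revoke_subject(matrix, subject):
    """Delete a whole row; returns the objects the subject lost access to."""
    removed = [key for key in matrix if key[0] == subject]
    for key in removed:
        del matrix[key]
    return sorted(obj for _, obj in removed)


if __name__ == "__main__":
    print("row  alice      ->", capability_list(MATRIX, "alice"))
    print("col  payroll.db ->", acl(MATRIX, "payroll.db"))
    print("bob write payroll.db?", check(MATRIX, "bob", "payroll.db", "write"))
```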