Home
Certification Preparation
CompTIA
Security+
Access control models
cashew
I understand the difference in the big three (MAC, DACS, RBACS) of Access control but need a little more clearity. Do all of there rely on ACL's for their permissions? For the examples listed below, we'll assume that I'm applying NTFS permissions to an ACL of a folder in Win2k3:
MAC - Public, Confidential, Private, Secret. Would these be the names of 4 groups, or would you classify your group creation based on the sensitive nature of the file? Joe and Frank is a member of the Confidential Group, Bob is a member of the Private group, Susie is a member of Confidential, and everyone is a member of public.
RBACS - Based on the roles of the coroporation (my last job did this): CS Agent, Market Designers, Accounting read, Accounting write, etc.
DACS - Employees are governed on the rules of AD and have the ability to create folders and files where permissions allow them to. If the employees create a file, they are the owner and may modify the ACL of the created object at their discretion?
Does this seem about right?
Find more posts tagged with
Comments
There are no comments yet
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
