Access control models
I understand the difference in the big three (MAC, DACS, RBACS) of access control but need a little more clarity. Do all of these rely on ACLs for their permissions? For the examples listed below, we'll assume that I'm applying NTFS permissions to an ACL of a folder in Win2k3:
MAC - Public, Confidential, Private, Secret. Would these be the names of 4 groups, or would you classify your group creation based on the sensitive nature of the file? Joe and Frank are members of the Confidential group, Bob is a member of the Private group, Susie is a member of Confidential, and everyone is a member of Public.
RBACS - Based on the roles of the corporation (my last job did this): CS Agent, Market Designers, Accounting read, Accounting write, etc.
DACS - Employees are governed on the rules of AD and have the ability to create folders and files where permissions allow them to. If the employees create a file, they are the owner and may modify the ACL of the created object at their discretion?
Does this seem about right?