Access models
I'm trying to make sense of MAC, DAC, and RBAC and I'm really only confused about DAC and RBAC. I'm trying to find situations where either of these would be used in a real-world environment. Most NT environments I've worked in used something that sounds similar to the two, but can you have more than one access model in place?
For instance, DAC only assigns the least amount of power to a user. I've seen then done many times, where an administrator will assign user specific privileges applying to their work. RBAC, from what I understand, joins a user to a group that has the privileges that s/he needs.
In a network operating windows server, can these be used together? *confusion* >_o
KG
For instance, DAC only assigns the least amount of power to a user. I've seen then done many times, where an administrator will assign user specific privileges applying to their work. RBAC, from what I understand, joins a user to a group that has the privileges that s/he needs.
In a network operating windows server, can these be used together? *confusion* >_o
KG
Present goals: MCAS, MCSA, 70-680
Comments
-
Webmaster
Admin Posts: 10,292 Admin
Yes, the models are models. Meaning that actual systems are built according to characteristics of the model, but it doesn't mean that systems follow a model on all points or that a system can't use aspects of multiple models.
Check the last paragraph in my Access Control Models TechNotes here:
www.techexams.net/technotes/securityplus/mac_dac_rbac.shtml