Discretionary access conrol

I came across a question worded similarly to the following:

The groups and permissions of a SharePoint site have been set up by the security department. No one may change the permissions and all requests for access are centrally managed by by the security department. This can best be described as:
a) DAC
b) MAC
c) Rule based access control
d) User assigned privileges

The answer is 'a' (through process of elimination, I picked 'd'). This does not fit my understanding of DAC. Thoughts?

Find more posts tagged with

Comments

TechGuru80

Essentially DAC is: somebody creates an object and only they can give access.

samurai86

I do understand this as DAC as well. I think they are trying to trip you up slightly by throwing the "security" department in there. But in the question they infer that the security department is the owner of the SharePoint system. Since they (the owner aka the Security department) delegate permissions, this would be a DAC environment.

At least this is how I see it.

Edit: Also in a MAC environment confidentiality is key. A question with MAC as the answer would likely mention confidentiality, military, labels, classification, along with being centrally managed.

TechGuru80

samurai86 wrote: »

Edit: Also in a MAC environment confidentiality is key. A question with MAC as the answer would likely mention confidentiality, military, labels, classification, along with being centrally managed.

That is what I have seen anytime talking about MAC...classification or government. MAC also requires the most effort because you can inherit access with DAC.

samurai86

Tis true

5502george

MAC questions will normally be associated with labeling or classification from what I have seen.