£199.99 £139.99 for one year of Unlimited learning. Offer ends on 14 November 2022 at 23:59 (UTC). T&Cs apply

Find out more
Skip main navigation


Authorization is needed to enforce security and manage permissions. Learn more about how this is addressed.

Let’s wrap up what you have learned.

  • Any access to resources using an identity should be authenticated, and beyond that authentication, we need ongoing authorization. This is needed to enforce security and accounting with each attempt to use a privilege, whether the attempt is successful or not. The security kernel ensures ongoing authorization for all transactions within an operating system. This security kernel model is common to all modern operating systems.

  • A number of access control models exist within discretionary access control, mandatory access control, and role-based access control. Role-based access control remains the most popular. DAC, MAC, and RBAC are the most commonly known models. Attribute-based access control is the next-generation access control model, and is gaining in popularity.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education