Skip main navigation

Comparisons of the Access Control Models

In this video, you will learn about discretionary access control (DAC) and mandatory access control (MAC).
So, with discretionary access control versus mandatory access control, we’re looking at a range of analogue criteria when deciding which of these we may want to use. Ease of management for discretionary access control is offset with mandatory access control by the high levels of security that are offered. But also, the complexity of the day-to-day management and the cost of the day-to-day management. So the lack of flexibility with mandatory access control does lead some people to be cautious about adopting it, because you have that very, that very bureaucratic administrative route of routing all access change requests through the administrative body. And we’re using here levels of access.
It’s worthwhile saying with all of these models, we’re using levels and types of privilege rather than just, for each identity, saying access is granted. So we’re starting to break the type of authorization up into different types of category. So this gives us a much better route to managing. So mandatory access control provides access based on levels, while discretionary access control bases access largely based on identity. Discretionary access control is more labor intensive than mandatory access control when devolved, because more people are involved in that process. The mandatory access control central administrative body tends to be more onerous as a process though. Discretionary access control is more flexible than mandatory access control.
Users are able to manage permissions much more iteratively and much more fluidly day to day. And mandatory access control, as we’ve said, can only be changed by the administrators, while discretionary access control can be changed by any authorized user.

In this video, you will learn more about discretionary access control (DAC) and mandatory access control (MAC). These two models will be compared in terms of its benefits and limitations.

Reflect and share: Considering your context, share which model would be most suitable for you and why.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education