Comparisons of the Access Control Models

So, with discretionary access control versus mandatory access control, we’re looking at a range of analogue criteria when deciding which of these we may want to use. Ease of management for discretionary access control is offset with mandatory access control by the high levels of security that are offered. But also, the complexity of the day-to-day management and the cost of the day-to-day management. So the lack of flexibility with mandatory access control does lead some people to be cautious about adopting it, because you have that very, that very bureaucratic administrative route of routing all access change requests through the administrative body. And we’re using here levels of access.

It’s worthwhile saying with all of these models, we’re using levels and types of privilege rather than just, for each identity, saying access is granted. So we’re starting to break the type of authorization up into different types of category. So this gives us a much better route to managing. So mandatory access control provides access based on levels, while discretionary access control bases access largely based on identity. Discretionary access control is more labor intensive than mandatory access control when devolved, because more people are involved in that process. The mandatory access control central administrative body tends to be more onerous as a process though. Discretionary access control is more flexible than mandatory access control.

Users are able to manage permissions much more iteratively and much more fluidly day to day. And mandatory access control, as we’ve said, can only be changed by the administrators, while discretionary access control can be changed by any authorized user.