🔒 Access control methods
Role based access control
This works by restricting system access to only authorised users. It’s an approach to implement mandatory access control or discretionary access control. It could be used to allow access to certain folders within a workspace.
Allows you to create hierarchies where managers automatically get all the permissions of their direct staff.
In the event of role explosion, translating use requirements to roles can be complicated.
Attribute-Based access controls
An authorisation model that evaluates the characteristics, rather than roles, to determine access.
Administrators have the luxury of choosing from a large set of attributes, which helps them formulate highly specific rules.
Can be hard to implement, especially in time-constrained situations
Mandatory access control
A method of limiting access to recourse based on the sensitivity of the information that the resource contains.
- High level data protection
- Centralised information
Careful set-up process — MAC must be set up with good care otherwise it will make working chaotic.
Discretionary access control
Restricting access to object based on the identity of the subject. (the user or group which the user belongs)
Easy to maintain