Posted on 23 February 2023

What are the four main access control models?

Advantages of Access Control

Access control is a vital form of security, as it limits access to information and information processing systems. When used effectively, access controls greatly reduce the risk of information being accessed unlawfully or without the appropriate authorisation, and the risk of a data breach within the organisation. It is also considered a very cost-effective way to implement a higher level of security, as it cuts back on personnel while ensuring access permissions are correct.

Disadvantages of Access Control

However, like anything, access control can come with drawbacks. It can become very time-consuming, as two-factor authentication requires all users to verify their identity twice rather than just once, as in most other systems. It also creates more to remember, as the person may have to carry a key and remember a passcode. There can also be issues with certain types of access control, such as fingerprint scanners, which may sometimes struggle to recognise fingerprints.

Types Of Access Control

There are four main access control models: discretionary, mandatory, role-based and rule-based. They determine the privileges that users can access, based on the confidentiality of the information stored within company systems.

Role-based access control (RBAC)

Role-based access control is where a security professional determines the users’ permissions or privileges based on their role within the company, for example the employee’s title, position or type of employment status. This is commonly used by most large organisations to provide their employees with a varied level of access based on their roles and responsibilities.

Rule-based access control (RuBAC)

Rule-based access control is where a security professional or system administrator sets access management rules that allow or deny user access to specific areas, regardless of other permissions that the employee or user may already have. This allows system owners to personalise the type of access a user has based on their role within an organisation. It allows users to be grouped into roles based on their job description, which will determine their system access needs.
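The sketch below is an added example, not code from the original article. It shows how the role-based and rule-based models described above can combine in a single access decision: the role decides which areas a user may enter at all, and administrator-set rules can still deny a request regardless of what the role allows. The role names, areas and the two time-based rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample data: role names and areas are illustrative assumptions.
ROLE_AREAS = {
    "receptionist": {"lobby"},
    "engineer": {"lobby", "office", "server_room"},
    "contractor": {"lobby", "office"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    area: str
    at: time                       # time of day of the access attempt
    employment: str = "permanent"  # or "temporary"

# Each rule returns a denial reason, or None when it does not apply.
def after_hours_server_room(req):
    if req.area == "server_room" and not time(8, 0) <= req.at <= time(18, 0):
        return "server_room is closed outside 08:00-18:00"
    return None

def temp_staff_office_hours(req):
    if req.employment == "temporary" and not time(9, 0) <= req.at <= time(17, 0):
        return "temporary staff are limited to 09:00-17:00"
    return None

RULES = [after_hours_server_room, temp_staff_office_hours]

def decide(req):
    """Return (allowed, reason). Unknown roles and areas are denied by default."""
    # Role-based step: the role must grant the area at all.
    if req.area not in ROLE_AREAS.get(req.role, set()):
        return False, f"role '{req.role}' has no access to {req.area}"
    # Rule-based step: any matching rule denies, whatever the role allows.
    for rule in RULES:
        reason = rule(req)
        if reason:
            return False, reason
    return True, "granted by role, no rule objected"

if __name__ == "__main__":
    for r in (Request("ana", "engineer", "server_room", time(10, 0)),
              Request("ana", "engineer", "server_room", time(22, 0)),
              Request("bo", "contractor", "office", time(20, 0), "temporary")):
        print(r.user, r.area, r.at, decide(r))
```

Returning the reason alongside the decision gives an audit log entry that shows whether a denial came from the role mapping or from a specific rule.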

Discretionary access control (DAC)

The decisions on user permissions are taken at the discretion of one person, who may or may not have security expertise. This limits the number of people who can edit user permissions, which can put an organisation at risk because the decision maker may not be aware of the security implications of their decisions. However, this form of access control does help to minimise security risks and can increase the reliability of the organisation.

Mandatory access control (MAC)

Mandatory access control gives the responsibility of access decisions to a security professional who is the only individual with authority to set and manage permissions and access rights. This type of access control is often used within businesses that protect sensitive data or property and therefore require the highest possible level of security. For example, it is often employed in government and military facilities to ensure full confidentiality at all times.

Overall, the advantages of having access control completely outweigh the disadvantages; it is just about finding the correct type for you and your business. Having an extra layer of security within a business is incredibly important, especially when it comes to employee and client information.