CompTIA Security+ Access Control Models (EXAMCRAM CompTIA Security+ SY0-501 Fifth Edition by Diane Barrett/Marty M. Weiss)
Mandatory access control (MAC) -The most basic form of access control involves assigning labels to resources and accounts (ex. SENSITIVE, SECRET and PUBLIC). Also referred to as multilevel access control. Discretionary access control (DAC) - A slightly more complex system of access control involves restricting access for each resource in a discretionary manner. DAC scenarios allow individual resources to be individually made available or secure from access. Access rights are configured at the discretion of the accounts that have the authority over each resource, including the capability to extend administrative rights through the same mechanism. In DAC, a security principal (account) has complete control over the objects that it creates or otherwise owns, unless this is restricted through group or role membership. The owner assigns security levels based on objects and subjects and can make his or her own data available to others as desired. A common scenario for DAC is online soci...