Access control is the process of limiting the access of ability of users or services to certain resources.
Historically, there have been several access control models:
- discretionary access control (DAC): In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. (source: Wikipedia)
- mandatory access control (MAC): The mandatory part of the definition indicates that enforcement of controls is performed by administrators and the operating system. This is in contrast to the default security mechanism of Discretionary Access Control (DAC) where enforcement is left to the discretion of users.(source: wikipedia)
- Role-based access control (RBAC): Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. RBAC was formally defined by NIST, the National Institute of Standards and Technology. More can be found on their website.
- Attribute-based access control (ABAC): ABAC extends the way RBAC works. Instead of just focusing on user identities, roles, and groups, ABAC defines attributes (key-value pairs) that can be used to describe users, resources, actions, and context. With ABAC, it is possible to define finer-grained access policies. A common language used to define ABAC is XACML. NIST is currently formalizing ABAC. See their website for more information.
