The Difference Between MAC (Mandatory Access Control) and RBAC (Role-Based Access Control)


I’m studying for my Security+ and I’m not understanding the difference. RBAC just seems like a more detailed version of a MAC; it’s not clicking with me.


2 Answers

Anonymous

Imagine you’re working for the Department of Defense and trying to access classified documents.

In a MAC system, I can access the documents as long as I have the right clearance. If I have top secret clearance I can see docs classified as secret too. All that matters is I have the right level.

Now imagine I want to segment further. In my top secret docs I have spies, bank accounts, and airplane designs. I can further segment so that only people in the CIA job can see spies, accountants can see the bank accounts, and engineers can see the airplane designs. The LEVEL of classification matters as well as my job. This is RBAC.

Now let’s say I’m a spy and I want to share my spy stories with all of my friends. So I choose a list and post my secrets, which only my friends can see. That’s DAC, or discretionary access control.
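
The three checks described in the answer above, sketched in Python as an added example that is not part of the original answer. The user names, documents and role labels are constructed for illustration, and the comments mark who sets each attribute, an administrator or the document's owner.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed labels modelled on the answer's scenario; not a real system.
LEVELS = {"unclassified": 0, "secret": 1, "top secret": 2}

@dataclass
class User:
    name: str
    clearance: str                      # assigned by an administrator
    roles: frozenset = frozenset()      # assigned by an administrator

@dataclass
class Document:
    title: str
    classification: str                 # assigned by an administrator (MAC label)
    owner: str
    required_role: Optional[str] = None            # assigned by an administrator
    shared_with: set = field(default_factory=set)  # edited by the owner (DAC list)

def mac_allows(user, doc):
    """MAC: the clearance level must be at least the document's classification."""
    return LEVELS[user.clearance] >= LEVELS[doc.classification]

def rbac_allows(user, doc):
    """RBAC as the answer describes it: the level check plus the right job."""
    role_ok = doc.required_role is None or doc.required_role in user.roles
    return mac_allows(user, doc) and role_ok

def dac_allows(user, doc):
    """DAC: access depends only on the list the owner maintains."""
    return user.name == doc.owner or user.name in doc.shared_with

def share(doc, actor, friend):
    """Only the owner may change the DAC list; everyone else is refused."""
    if actor.name != doc.owner:
        raise PermissionError(f"{actor.name} does not own {doc.title!r}")
    doc.shared_with.add(friend)

# Constructed sample users and documents.
alice = User("alice", "top secret", frozenset({"engineer"}))
bob = User("bob", "secret", frozenset({"accountant"}))
carol = User("carol", "top secret", frozenset({"cia"}))
memo = Document("budget memo", "secret", owner="admin")
planes = Document("airplane designs", "top secret", "admin", required_role="engineer")
spies = Document("spies", "top secret", "admin", required_role="cia")
stories = Document("spy stories", "unclassified", owner="carol")
```

Here `carol` passes `mac_allows` for the airplane designs but fails `rbac_allows`, and `alice` can read the spy stories only after `carol` calls `share`.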
