I’m studying for my security + I’m not understanding the difference. RBAC just seems like a more detailed version of a MAC, its not clicking with me
In: 1
In MAC, access decisions are made by comparing the clearance of the user with the classification of the data against some ruleset. Basically the owner of the data decides who can access it, and this is enforced by the rules.
With RBAC, what you can do and what you can do it on is dependent on your role and the permissions assigned to that role. The data owner has no control over this.
Latest Answers