access control models

Question 1

Role-Based Access Control (RBAC)

Answer 1

Access is based on your job role.
• Example: A nurse can see patient records, but not change hospital finances

Question 2

Discretionary Access Control (DAC)

Answer 2

Discretionary Access Control (DAC) : The owner of the file decides who can access it.
Example: You create a Word file → you choose who gets read or write access.

Question 3

Rule-Based Access Control

Answer 3

Rule-Based Access Control: Access is based on rules set by the system.
• Example: “Block all traffic after 10 PM” or “Deny USB drives.

Question 4

Attribute-Based Access Control (ABAC)

Answer 4

Attribute-Based Access Control (ABAC):

Access is based on attributes (details) about the user, resource, or environment.
• Example: “Only allow access if the user is in HR, using a company laptop, and located in the office.