User Access controls.

Question 1

How does Attribute Based Access Control (ABAC) work?

Answer 1

Gives control over what users have access to is based off of characteristics that have been given to them.
Examples of this include: Job role, their department and their rank in the company.

Question 2

How does Discretionary Access Control (DAC) work?

Answer 2

• Gives control over a file to its creator leaving the access to the file to their discretion.
• This can be a security risk as the owner of the file can give access to users with inappropriate levels of access risking data breaches.

Question 3

How does Mandatory Access Control (MAC) work?

Answer 3

• The system administrator is the one who controls access to files, being enforced by the operating system.
• Users are unable to control these permissions meaning it is much more secure than DAC.

Question 4

How does Role Based Access Control (RBAC) work?

Answer 4

• Users who have specific roles inside the organisation have certain rights,
• such as a manager having more access to files in a company instead of someone in administration.
• The difference between this and ABAC is that ABAC has many more attributes,
• RBAC is more straightforward with its roles.

Question 5

How does Rule Based Access Control (RuBAC) work?

Answer 5

• Access is given based on rules set by the administrator,
• RuBAC and RBAC can be applied alongside each other adding further restrictions.
• Examples include only giving a senior manager access to sensitive files between their working hours.
  Other examples of rules include location and actions on the data.

Question 6

When to use ABAC?

Answer 6

• When there are many different requirements for users not just basic roles.
• For example different doctors in specific mediums requiring different info.

Question 7

When to use DAC?

Answer 7

When a organisation trusts its users and information is not sensitive.

Question 8

When to use MAC?

Answer 8

On extremely sensitive data like patient records.

Question 9

When to use RBAC?

Answer 9

• When the organisation has clearly defined roles for its employees.
• For example corporate offices, retail companies and software companies.

Question 10

When to use RuBAC?

Answer 10

• When extra levels of access are required beyond user roles.
• For example banks, hospitals and government agencies