Role based access control
This works by restricting system access to only authorised users. It's an approach to implement mandatory access control or dicretionary access control. It could be used to allow access to certain folders within a workspace.
Allows you to create hierarchies where managers automaticallt get all the permissions of their direct staff.
In the event of role explosion, translating use requirements to roles can be complicated.
Attribute-Based access controls
An authorisation model that evaluates the characteristics, rather than roles, to determine access.
Administrators have the luxury of choosing from a large set of attributes, which helps them formulate highly specific rules.
Can be hard to implement, especially in time-constrained situations
Mandatory access control
A method of limiting access to recoursed based on the sensitivity of the information that the resource contains.
- High level data protection
- Centeralised information
Careful set-up process - MAC must be set up with good care otherwise it will make working chaotic.
Discretionary access control
Restricting access to object based on the identity of the subject. (the user or group which the user belongs)
Easy to maintain