Differences between MAC, DAC and RBAC

Today we are going to explain the differences between MAC, DAC and RBAC. The usual reason you want to know the differences between these three security models is that you are preparing for a computer and network security certification such as a CompTIA exam. I had to learn these three models as they were explained in the book, but the way the book explained them did not make any sense to me, so I will try to explain them in plain English so we can all understand. Please note that I use root and administrator to mean the same thing: root is the term on Unix systems and administrator on Windows.

MAC stands for Mandatory Access Control (MAC). It is a security model where users are given permissions to resources by an admin or root. These permissions can ONLY be granted by the root user or administrator; only an administrator can grant permissions or rights to objects and resources. In this model only the administrator can change an object's or user's security clearance or security label.

DAC stands for Discretionary Access Control (DAC). It is a security model where access is given based on the user's identity. A user in the system is only given permissions to a system resource by being put on an access control list (ACL) associated with the resource. You must know that an entry on a resource's ACL is known as an Access Control Entry (ACE); study this for the exam. These permissions are active when a user or group is the owner of an object; in the DAC model, the owning user or group can also grant permissions to other users and groups in the same system. Note that the DAC model is based on resource ownership, which is important for the exam.

RBAC stands for Role-Based Access Control (RBAC). In this security model, access to system resources is based on the role given to a user by the administrator. The administrator assigns a user to a role that contains certain predetermined system rights and privileges; through the user's association with that role, the user can access only certain system resources and can perform only the specific tasks assigned by the role. Please note, as this is important for the exam, that RBAC is also known as Non-Discretionary Access Control. The roles assigned to users are centrally administered by the system administrator.
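To make the three models concrete, here is an added Python model (not from the original post or any exam book) of who gets to decide what in each model: in DAC the owner of a resource edits its ACL, in MAC only root sets labels and clearances, and in RBAC only root defines roles and assigns users to them. The class names, level names and the user/resource names are made up for illustration.

```python
LEVELS = {"public": 0, "confidential": 1, "secret": 2}  # MAC sensitivity ordering (constructed)

def require_root(actor):
    # Labels, clearances and roles are centrally administered: only root changes them.
    if actor != "root":
        raise PermissionError(f"{actor} is not root")

class DacResource:
    """DAC: the owner keeps the ACL; each (subject, permission) entry is an ACE."""
    def __init__(self, owner):
        self.owner, self.acl = owner, {}  # acl: subject -> set of permissions

    def grant(self, granter, subject, perm):
        # Ownership decides who may add an ACE (root is allowed as well).
        if granter not in (self.owner, "root"):
            raise PermissionError(f"{granter} does not own this resource")
        self.acl.setdefault(subject, set()).add(perm)

    def allows(self, subject, perm):
        return subject == self.owner or perm in self.acl.get(subject, set())

class MacSystem:
    """MAC: subjects carry clearances and objects carry labels; only root sets either."""
    def __init__(self):
        self.level = {}  # subject or object name -> level name

    def set_level(self, actor, name, level):
        require_root(actor)  # neither owners nor users can relabel anything
        self.level[name] = level

    def can_read(self, subject, obj):
        # Read only when the subject's clearance is at or above the object's label.
        return LEVELS[self.level[subject]] >= LEVELS[self.level[obj]]

class RbacSystem:
    """RBAC: root defines roles holding rights and assigns users to roles."""
    def __init__(self):
        self.role_rights, self.user_roles = {}, {}  # role -> rights, user -> roles

    def define_role(self, actor, role, rights):
        require_root(actor)
        self.role_rights[role] = set(rights)

    def assign(self, actor, user, role):
        require_root(actor)
        self.user_roles.setdefault(user, set()).add(role)

    def allows(self, user, right):
        # A user holds a right only through one of the roles assigned to them.
        return any(right in self.role_rights.get(r, set()) for r in self.user_roles.get(user, set()))
```

The point to notice is where the decision lives: the owner in DAC, root alone in MAC, and the role table in RBAC, so a user who owns nothing and holds no role gets nothing.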

OK, if you have read all three models, maybe you are still in doubt whether you understand what it all technically means. The best way to remember is this; here I will explain it in my own understanding.

  • MAC is access control: a policy, software component, or hardware component that is used to restrict access to a resource. This could be a password, keypad, badge, or set of permissions granted on the resource. When applied, several levels of security must be passed:
  • DAC is Identity: the user must show identification. This might involve showing a badge or driver's license, entering a logon ID, or swiping a card.
  • RBAC Authenticate: the user is authenticated to the network. This can be accomplished with a password, PIN, hand scan, or signature.
  • RBAC Authorize: the system restricts the user's access to a particular resource based on a predetermined set of policies.

