Access Control Models (Part 1) (Domain 4)
Access control models define who can access what, under which conditions—and in this episode, we begin our exploration with Mandatory Access Control (MAC) and Discretionary Access Control (DAC). MAC is rigid and centralized, often used in government or military systems where sensitivity labels and clearance levels determine access, and individual users cannot modify permissions. DAC, by contrast, gives data owners or resource creators the power to grant or revoke access to others, offering more flexibility but introducing potential risk through mismanagement. We explore scenarios where each model is appropriate, and how these choices impact auditing, enforcement, and scalability. While MAC provides strong centralized control, it can be burdensome to administer in dynamic environments; DAC enables speed but must be balanced with oversight and training. Understanding both models is critical to selecting the right access architecture for your organization’s risk tolerance and operational structure.
