[Isabelle Tubbs]

Access control models are important tools for an organization to carry out certain goals from their security policy. These models must be clear ways to regulate the interactions between subjects and objects.

Discretionary access control models are very popular because the person who owns the data must determine who is allowed to access it, depending on the user’s identity. The person can use access control lists to do this, but it does not provide an extremely high level of security that some businesses may require. Mandatory access control grants users access depending on how important/sensitive the information they are trying to access is. A user must have clearance to gain access, making this system more secure.

Role-based access control means that the level of access a user receives depends on that user’s role in the organization. Administrators will assign certain people roles as a way to only grant specific people access. Rule-based access control is a model gives rules that will apply to everyone, regardless of role, identity, etc.