I have some doubts regarding some cccure Quiz questions and concepts mentioned below. Would really appreciate it if you could take out some time and help me with them. Request you to please provide a quick reply as I need to appear for the exam in the month of July.
The correct answer is: to specify what objects can be accessible.
With Discretionary Access Control, the subject has authority, within certain limitations, to specify what objects can be accessible.
For example, access control lists can be used. This type of access control is used in local, dynamic situations where the subjects must have the discretion to specify what resources certain users are permitted to access.
When a user, within certain limitations, has the right to alter the access control to certain objects, this is termed as user-directed discretionary access control. In some instances, a hybrid approach is used, which combines the features of user-based and identity-based discretionary access control.
Thanks to Craig Meyer for providing a new reference for this question.
There are two terms you MUST be familiar with when discussing access control within the CBK.
The first one is SUBJECT and the second one is OBJECT.
A SUBJECT is an active entity accessing OBJECTS. The most common subject is a user but it could also be a process, an application, etc...
An OBJECT is a passive entity containing data, such as a file, a DB entry, a print queue, or an I/O pipe.
Contributors: Rakesh Sud, Sasa Vidanovic, Christian Vezina
My doubt: My doubt is regarding the line highlighted in red above:
In some instances, a hybrid approach is used, which combines the features of user-based and identity-based discretionary access control.
Could someone please explain:
What is user-based access control?
Is my understanding correct that identity-based access control is another name for Discretionary Access Control?