diff --git a/cheat_sheets/access_control_cheatsheet.md b/cheat_sheets/access_control_cheatsheet.md new file mode 100644 index 0000000..9759843 --- /dev/null +++ b/cheat_sheets/access_control_cheatsheet.md @@ -0,0 +1,9 @@ +# Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC) + +| Feature | DAC | MAC | RBAC | ABAC | +|------------------------|------------------------------------------------------|----------------------------------------------------|------------------------------------------------------|------------------------------------------------------------| +| Access Control Basis | Based on identity of the requester and the discretion of the owner | Based on classifications and security clearances | Based on roles within an organization | Based on attributes (user, resource, environment) | +| Access Decision | Owners of the resource decide who can access it | System-enforced, not changeable by users | Access based on roles and their permissions | Decisions based on a set of policies involving attributes | +| Flexibility | Highly flexible with individualized control | Less flexible, focuses on classification levels | Moderately flexible, easy to manage | Highly flexible and granular | +| Complexity | Can become complex with many users and permissions | High, due to strict policy enforcement | Medium, depends on roles and permissions setup | High, due to complex policy definitions | +
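Review bot: The Complexity row (last row of the table) is not comparable across columns: MAC, RBAC and ABAC each open with a rating ("High", "Medium", "High") followed by a reason, while the DAC cell only says "Can become complex with many users and permissions". Give DAC a rating in the same form so the row reads at a glance. The Flexibility cell for RBAC has a similar mix, since "easy to manage" is a manageability claim rather than a flexibility one; either move it to its own row or drop it. Two smaller points: the H1 is just the four model names in sequence, so a title that says what the sheet is (for example "Access Control Models: DAC, MAC, RBAC and ABAC compared") would read better in an index, and the file ends with an empty added line after the table that can be removed.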