Access control models
There are several commonly found access control models in a centralized identity management solution.
The access control model that an organization uses depends on certain factors. There might be:
- Externally mandated policies
- The maturity of existing identity management processes
- A range of identity management target systems.
- Future requirements
- The number of users managed
- Risk assessment statistics
- Return on investment statistics
In IBM Security Identity Manager, organizational roles can be used to support the following types of access control models:
- Role-Based Access Control (RBAC)
- This model grants access privileges to users based on the work that they do within an organization. The model allows an administrator to assign a user to single or multiple roles according to their work assignments. Each role enables access to specific resources.
- Discretionary Access Control (DAC)
- This model enables the owner of a resource to decide whether to allow a specific person access to the owned resource. This system is common in distributed environments that evolved from smaller operations into larger ones.
- Mandatory Access Control (MAC)
- This model enables grouping or marking resources according to a sensitivity model. This model is most commonly found in military or government environments. An example of this model is the marking of Unclassified, Restricted, Confidential, Secret, and Top Secret resources. The privileges that a user is granted to view certain resources depends on the clearance level of the user.