
studying for the security+ exam

rasczak

Lifer
I'm a bit confused with how these versions of access control are implemented. DAC I assume is the owner of the object giving access to individuals as needed, and RBAC giving access to a user based on their position, but how is that implemented in the case of Windows? Would it be similar to creating a group in Windows for HR and one for Finance? A new employee is hired on to work for HR, their user account is created and they are added to the HR group with access to the HR shares? Is that how I am to understand RBAC? Could someone give me examples of how MAC and DAC are implemented?

Thanks!
Joe

**edit**

Does anyone have a site they can recommend for practice testing? Or do I need to purchase them?
 
An example of RBAC would be assigning different roles to a profile and granting that profile to an employee based on their job duties. This is usually done in the Application layer as opposed to the OS layer.

All group maintenance in Windows is still DAC. When you create an HR group in AD, there still needs to be an owner of that group granting people access at their discretion.

MAC - based on security classification level. Don't have too much experience w/ MAC administration but imagine resource is granted based on rank and a need to know basis.
 
Yea I think you understand it correctly. Remember that they're just concepts - they're not necessarily going to apply 100% to any OS. A Windows machine uses DAC on a per file/folder basis - you specify the permissions for users or groups of users. Active Directory implements RBAC in a way, since you typically set permissions based on a group, and add/remove users to the groups. For example, if you've ever managed file servers across a WAN, you would have an Accounting group for a specific share, and as employees come and go, you add/remove them to that group in AD, rather than changing the permissions directly on those shares.

I'm a little fuzzy on MAC, but it tends to have inflexible security restrictions that are designed into the foundation of whatever it's implemented in. I'm not sure if AS/400 account management would be a good example but it's the only thing that comes to mind.
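
The three models discussed in the replies above, side by side, as an added example that is not part of any post in this thread. It is a simplified model rather than how Windows or any real MAC system is built; the classes, users, shares, roles and labels are all constructed for illustration.

```python
# Added illustration; every user, share, role and label here is constructed.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

class DacShare:
    """DAC: the owner edits the ACL at their own discretion."""
    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, actor, user, perms):
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own this share")
        self.acl.setdefault(user, set()).update(perms)

    def allows(self, user, perm):
        return perm in self.acl.get(user, set())

class Rbac:
    """RBAC: permissions attach to roles; users only gain or lose roles."""
    def __init__(self, role_perms):
        self.role_perms = role_perms   # role -> {(resource, perm)}
        self.user_roles = {}           # user -> {role}

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def allows(self, user, resource, perm):
        return any((resource, perm) in self.role_perms.get(role, set())
                   for role in self.user_roles.get(user, set()))

def mac_allows_read(clearance, need_to_know, label, compartment):
    """MAC: the system compares labels; no owner can grant around it."""
    return LEVELS[clearance] >= LEVELS[label] and compartment in need_to_know

def demo():
    share = DacShare(owner="alice")
    share.grant("alice", "joe", {"read"})          # owner's discretion
    rbac = Rbac({"HR": {("hr_share", "write")}, "Finance": {("fin_share", "read")}})
    rbac.assign("joe", "HR")                       # new hire joins HR
    return {
        "dac_read": share.allows("joe", "read"),
        "rbac_hr": rbac.allows("joe", "hr_share", "write"),
        "rbac_fin": rbac.allows("joe", "fin_share", "read"),
        "mac_no_need_to_know": mac_allows_read("secret", {"payroll"}, "confidential", "audit"),
    }
print(demo())
```

In the MAC check a "secret" clearance is still refused when the compartment is outside the subject's need to know, which is the part neither the DAC owner nor the RBAC role assignment can override.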
 
Thanks for clearing that up for me. If you all don't mind I may just update this thread when more questions come up.

🙂
 