ORCON Originator Access Control vs DAC

Originator Access Control vs Discretionary Access Control, ORCON vs DAC,

Originator Access Control vs Discretionary Access Control

Discretionary Access Control

žIf an individual user can set an access control mechanism to allow or deny access to an object, that mechanism is a discretionary access control (DAC), also called an identity-based access control (IBAC).

žDiscretionary access controls base access rights on the identity of the subject and the identity of the object involved. Identity is the key; the owner of the object constrains who can access it by allowing only particular subjects to have access. 

žOriginator Access Control 

Allows originator to determine who can access the resource. i.e. Access control set by creator of information
  • Owner (if different) can’t alter AC 
  • Originator controls access 
  • Originator need not be owner 

You May Also Like...

Socialize with Us