> scootoure (Viewer) mentioned you in a post! Join the conversation below:
> This access controls concept is something that I am finding extremely confusing due to the mixed information across resources. Sybex Official Study Guide Edition 8, specifically separates Rule-Based Access control from Discretionary Access control (p.628) stating each is 1 of the 5 access control models.
OK, in this, at least, the Sybex Official Study Guide Edition 8 is dead wrong. Rule Based Access Control (RBAC) and Role Based Access Control (again, possibly confusingly, RBAC) are orthogonal to mandatory and discretionary access control. Mandatory access control can be either rule or role based (or both), and so can discretionary.
And the Destination Certification video (and attendant comments) is (are) wrong. Rule-Based Access Control simply uses rules to decide access. Role-Based Access Control assigns and manages people and access on the basis of jobs. They aren't mutually contradictory, as mandatory and discretionary access control are.
> Can you provide insight into why your logic contradicts the Sybex official study guide?
Because Sybex is wrong.
> What should I follow?
Me. I'm an information scientist. I know everything 🙂
For example, I know that the original paper presenting role based access control *assumed* that it would be used in mandatory access control systems, and only in them. But there was no inherent reason for that, and, these days, we mostly use it in discretionary access control systems (since there aren't that many mandatory access control systems around).
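
The orthogonality described in the reply above can be shown with a small model. This is an added example, not part of the original post; it is deliberately simplified, and every name in it (`Policy`, `Resource`, `secadmin`, `business_hours`) is hypothetical. The `mandatory` flag only decides who may change the policy, while role grants and rules decide access the same way under either setting.

```python
from dataclasses import dataclass, field

@dataclass
class Resource:
    name: str
    owner: str
    role_grants: dict = field(default_factory=dict)  # role -> set of allowed actions
    rules: list = field(default_factory=list)        # predicates (user, action, ctx) -> bool

class Policy:
    """mandatory=True: only the security admin edits policy; False: the owner does."""
    def __init__(self, mandatory, admin="secadmin"):
        self.mandatory, self.admin = mandatory, admin
        self.user_roles = {}  # user -> set of roles

    def _require_admin_rights(self, actor, res):
        allowed = self.admin if self.mandatory else res.owner
        if actor != allowed:
            raise PermissionError(f"{actor} may not change policy on {res.name}")

    def grant_role(self, actor, res, role, action):   # role-based mechanism
        self._require_admin_rights(actor, res)
        res.role_grants.setdefault(role, set()).add(action)

    def add_rule(self, actor, res, rule):             # rule-based mechanism
        self._require_admin_rights(actor, res)
        res.rules.append(rule)

    def check(self, user, res, action, ctx):
        roles = self.user_roles.get(user, set())
        role_ok = any(action in res.role_grants.get(r, set()) for r in roles)
        return role_ok and all(rule(user, action, ctx) for rule in res.rules)

def business_hours(user, action, ctx):
    return 9 <= ctx["hour"] < 17  # constructed sample rule

def demo():
    """Returns {mandatory: (owner_could_grant, bob_read_10h, bob_read_23h)}."""
    out = {}
    for mandatory in (False, True):
        p = Policy(mandatory)
        p.user_roles = {"bob": {"analyst"}}
        doc = Resource("report", owner="alice")
        try:
            p.grant_role("alice", doc, "analyst", "read")
            owner_could_grant = True
        except PermissionError:
            p.grant_role("secadmin", doc, "analyst", "read")
            owner_could_grant = False
        p.add_rule("secadmin" if mandatory else "alice", doc, business_hours)
        out[mandatory] = (owner_could_grant, p.check("bob", doc, "read", {"hour": 10}),
                          p.check("bob", doc, "read", {"hour": 23}))
    return out
```
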