This paper presents three mainstream access control strategies : discretionary access control, mandatory access control and role-based access control, and compares with each other. 介绍了自主访问控制、强制访问控制和基于角色的访问控制三种主流的访问控制策略,并进行了对比分析。
The NSA found that most operating systems'security mechanisms, including Windows and most UNIX and Linux systems, only implement " discretionary access control "( DAC ) mechanisms. NSA发现大部分操作系统的安全机制,包括Windows和大部分UNIX和Linux系统,只实现了“选择性访问控制(discretionaryaccesscontrol)”(DAC)机制。
The first level is the traditional Discretionary Access Control(DAC) ( DAC ). 第一级是传统的自主访问控制(DiscretionaryAccessControl,DAC)。
Discretionary access control ( DAC ) is the primary access control mechanism that enables access to SQL objects using privileges and roles. 自主访问控制(DAC)是主要的访问控制机制,通过特权和角色支持访问SQL对象。
Fine-granularity discretionary access control based on Access Control List ( ACL ) may grant authority to one user or group, but it may grant unapt authority or remove authority not timely. 基于访问控制表(ACL)的细粒度自主访问控制机制可以实现针对单个用户或用户组的访问授权,但是在实际使用中可能造成不适当授权或权限撤销不及时的缺陷。