![]() ![]() This is one of the main reasons MAC systems are generally not used in Internet-based applications. You must ensure that your administrative staff is resourced properly to handle the load. An administrator can quickly become overwhelmed as the systems grow larger and more complex. Therefore, the administrator assumes the entire burden for configuration and maintenance. This is because the administrator must assign all permissions. MAC systems can be quite cumbersome to manage. There are some disadvantages to MAC systems. ![]() Because of the high-level security in MAC systems, MAC access models are often used in government systems. The administrator doesn’t have to worry about someone else setting permissions improperly. Centralized administration makes it easier for the administrator to control who has access to what. This is because of the centralized administration. Because of this, MAC systems are considered very secure. Users cannot set their own permissions, even if they own the object. In a MAC model, access is controlled strictly by the administrator. Users can only access resources that correspond to a security level equal to or lower than theirs in the hierarchy. All objects are assigned a security label. All users are assigned a security or clearance level. The hierarchy is based on security level. Derrick Rountree, in Federated Identity Primer, 2013 2.3.1 Mandatory Access Control
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |