To limit access to data and to set restrictions to protect private data, access control systems are used. Among these access controls, MAC and DAC are commonly used. MAC stands for Mandatory Access Control, and Discretionary Access Control is abbreviated as DAC. This is significant to protect the data and control the access.
Mac vs Dac
The main difference between MAC and DAC is that they differ in the level of restrictions and rules that are set to limit the access of data.MAC enables one to set different access levels and restrictions individually to each and every user. The user gets access to all the data that lies under his access level.
MAC is the mandatory access control and provides a higher level of data security and protection since the power is given to the admin and it cannot be edited by the users. Each and every person are manually assigned to a level by the admin. It is resistant and immune to virus attacks and trojan horse attacks.
DAC is user-friendly as it enables easy and quick access to data and files of other users. It is quite flexible as all the users are given the privilege of accessing and modifying the data and restriction policies. The addition of new users is not chaotic, and the administrator can do it easily. It has the disadvantage of poor data security.
Comparison Table Between Mac and Dac
| Parameters of Comparison | Mac | Dac |
| Function | It restricts the users based on their power and level in the hierarchy. | It provides access to users based on their identity and not on levels. |
| Definition | MAC expands as mandatory access control. | DAC means discretionary access control. |
| Intensity Level | MAC is not labour-intensive. | DAC is extra labour-intensive comparatively. |
| Legibility | MAC is very strict with rules and restrictions, and it is not flexible. | DAC is not that secure due to its high flexibility. |
| Access Controls | Only admins have the power to modify, remove or provide access to users. | DAC allows other users to provide and modify restrictions and also access to other users. |
What is MAC?
The operating system of the MAC provides access to the users based on their personal data and identities. In order to gain access, the user must submit their information. It is the most secure mode of access control. The rules and restrictions are given personally by the admin, and it is followed on a strict note.
The users are not provided with the privilege of editing and accessing other user’s data. It is confidential and secure as the projects and tasks are done with utmost privacy and secret. It is the best system to prevent losses and illegal access to data.
The security system identifies the user and his position so that it grants only the required and appropriate access to data. It is difficult to maintain as the administrator is the only one who can access the database and has to constantly check the prosecco to make sure they are being done without any hurdles or confusion.
MAC depends on manual scaling, and this is a demerit as it biomes laborious for the administrator to handle and manage the data. It is not so user-friendly as all the major rights are reserved for the administrator, and the users do not get access to other user’s data.
What is DAC?
This is an identity-based model of access control. The admin or the owner has the privilege of assigning access either to individuals based in their position in the organization or also create groups with users having the same positions and grant them access to different levels of data.
However, the privilege given to all the users to access and edit other user’s data is also a disadvantage as it becomes chaotic, and there is no specific management or person who can take complete charge for all the errors. It is flexible and decreases the responsibilities and tasks of the administrators, and does not put much burden.
Due to these factors, it is not ideal to be employed in organizations that deal with sensitive and personal data. It is the best option for startups and IT organizations with a small number of employees as it is best suited for their purposes and levels of security.
It has extremely good flexibility, scalability, and simplicity. It is not complex to handle, install and manage. It is simple and easy to learn. It is easy to manage, and the installation cost is also less. It has high granularity. That is, the users are also given the right to transfer rights and access to other groups of users.
Main Differences Between Mac and Dac
- MAC sets the limits for users based on the basis of the level of access they have been assigned, whereas DAC sets the restriction based on an individual’s identity, power, and position in the organization.
- MAC is less secure, whereas DAC provides more security.
- MAC is less intensive for the users, whereas DAC has a high level of intensity.
- MAC follows and implies rules that are strict, while DAC is quite relaxed comparatively when it comes to restrictions.
- MAC allows only the admin to change power and access levels, while DAC provides every user to modify the power and set access levels for their fellow users.
Conclusion
Comparatively, the establishment and setting up of MAC, even when there are a large number of users, is quite easy and not that time-consuming since there are specified levels and you need not set up for every individual.
You can easily categorize the users into different levels and assign them. The setting up of DAC is laborious and takes plenty of time, especially when the organization has many users, as you have to specify and assign access levels to everyone.
There is less commotion and confusion in MAC as the power is given only to the admins, and one can easily keep a record of all the changes and modifications made, but in DAC, since anyone can modify the access levels at times, it may lead to chaos.
References
- https://ieeexplore.ieee.org/abstract/document/1632658/
- https://dl.acm.org/doi/abs/10.1145/3134600.3134638