1
00:00:00,960 --> 00:00:10,030
Access to network resources needs to be handled securely by using Access Control Models. These models help

2
00:00:10,030 --> 00:00:17,440
to enforce the principle of least privilege concept that was mentioned in the last video.

3
00:00:17,440 --> 00:00:26,240
Discretionary Access Control defines who can read or write to a resource based on the owner's discretion.

4
00:00:26,410 --> 00:00:33,820
For example, when an admin creates a SharePoint site with secure file resources, they can decide who has

5
00:00:33,820 --> 00:00:41,620
access to the site based on user group memberships to enforce access control.

6
00:00:41,620 --> 00:00:50,160
A more scalable method of securing access to resources is Mandatory Access Control. With Mandatory Access

7
00:00:50,160 --> 00:00:51,010
Control,

8
00:00:51,120 --> 00:00:57,930
the system itself controls who accesses resources, so you are not relying on the user that created the

9
00:00:57,930 --> 00:01:00,300
resource to permit access.

10
00:01:02,940 --> 00:01:11,250
Nondiscretionary access control can be referred to as rule-based access control, or RBAC, meaning

11
00:01:11,250 --> 00:01:14,850
that access to an object is based on certain rules.

12
00:01:15,970 --> 00:01:22,780
For example, a salesman would have access to sales files while the user maintains the role of a salesman

13
00:01:23,410 --> 00:01:29,530
but would lose privileges to sales files if they were moved to the marketing department.

14
00:01:29,890 --> 00:01:33,520
So a user's role defines the access control rules.