Access Control concepts 101: Logical Access models
In this post, we’ll take a look at another basic cybersecurity concept that is a must-know for any cybersecurity specialist: logical access models.
Hello everyone,
Today, we’ll focus on another important part of cybersecurity. Logical access controls determine who gets access to what. Access is typically based on three elements: subjects (who), objects (what), and rules (how and when).
In this blog post, we’ll break down what logical access controls are in more detail and look into the three most common models: Role-Based Access Control (RBAC), Mandatory Access Control (MAC), and Discretionary Access Control (DAC).
What Are Logical Access Controls?
Logical access controls are security mechanisms used to regulate who or what can view or use resources. Unlike physical controls (like locks), logical controls rely on software, permissions, and policies.
These controls are implemented through:
Access control lists (ACLs)
Security policies
System configurations
Their goal? Ensure that all users and systems interact with digital resources appropriately and securely.
1. Role-Based Access Control (RBAC)
RBAC is one of the most widely used access control models in modern companies. In RBAC, permissions are assigned to roles, and users are then assigned to those roles based on their responsibilities.
Key Concepts:
Roles reflect job functions (e.g., Manager, Developer, HR)
Permissions are tied to roles, not individual users
Users inherit permissions through their assigned role
Benefits:
Scalable and easy to manage
Aligns with organizational structure
Reduces the risk of excessive privileges
2. Mandatory Access Control (MAC)
MAC is the least flexible access control model. The system enforces access policies based on information classifications and user clearances. Neither users nor resource owners can change access permissions themselves.
Key Concepts:
Resources are labeled (e.g., Confidential, Secret, Top Secret)
Users are given a clearance level
The system restricts access based on matching labels and clearance
Benefits:
High level of security
Prevents data leakage
Ideal for military and highly regulated environments
3. Discretionary Access Control (DAC)
DAC gives control to the owner of the resource. The owner can determine who else can access it and at what level (read, write, execute, etc.).
Key Concepts:
Owners control access
Access control is more flexible, but also riskier
Permissions are often set via Access Control Lists (ACLs)
Benefits:
Flexible and user-friendly
Common in personal and less secure environments
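To make the three models concrete, here is a small added example (not code from the original post) showing each model’s decision rule in a few lines. All users, roles, labels and ACL entries are constructed sample data; for MAC it applies the Bell-LaPadula "no read up / no write down" rules, which the post does not name but which are one standard way a system matches labels against clearances.

```python
from dataclasses import dataclass, field

# --- MAC: ordered sensitivity labels (constructed sample lattice) ---
LEVEL = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

def mac_read_allows(clearance: str, label: str) -> bool:
    """Simple security property: read only at or below your clearance ("no read up")."""
    return LEVEL[clearance] >= LEVEL[label]

def mac_write_allows(clearance: str, label: str) -> bool:
    """*-property: write only at or above your clearance ("no write down").
    This is what stops a Secret-cleared process from copying data into a
    Confidential file, i.e. the data-leakage prevention the post mentions."""
    return LEVEL[clearance] <= LEVEL[label]

# --- RBAC: permissions attach to roles; users are assigned roles (constructed data) ---
ROLE_PERMS = {"Developer": {"repo:read", "repo:write"}, "HR": {"payroll:read"}}
USER_ROLES = {"alice": {"Developer"}, "bob": {"HR", "Developer"}}

def rbac_allows(user: str, perm: str) -> bool:
    """A user holds a permission only through one of their roles; unknown users get nothing."""
    return any(perm in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, ()))

# --- DAC: each object carries an owner-managed ACL ---
@dataclass
class Resource:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of modes (read/write/execute)

    def grant(self, by: str, to: str, mode: str) -> bool:
        """Discretionary: only the owner may change the ACL; anyone else is refused."""
        if by != self.owner:
            return False
        self.acl.setdefault(to, set()).add(mode)
        return True

    def allows(self, user: str, mode: str) -> bool:
        """The owner always has access; others only what the ACL grants them."""
        return user == self.owner or mode in self.acl.get(user, set())
```

Note that the DAC `grant` is the risk the post points to: a single owner’s decision is enough to widen access, whereas in the MAC functions nothing a user does can change the outcome.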
Conclusion (Summary)
Logical access controls are a crucial part of any cybersecurity strategy, and understanding RBAC, MAC, and DAC is a must for any cybersecurity specialist.
By applying the correct access control strategy, you ensure that sensitive data remains protected and only the right people can access it.