To limit access to data and to set restrictions to protect private data, access control systems are used. Among these access controls, MAC and DAC are commonly used. MAC stands for Mandatory Access Control, and Discretionary Access Control is abbreviated as DAC.
Mac vs Dac
MAC enables one to set different access levels and restrictions individually to each and every user. The user gets access to all the data that lies under his access level.
MAC is the mandatory access control and provides a higher level of data security and protection since the power is given to the admin and it cannot be edited by the users.
DAC is user-friendly as it enables easy and quick access to data and files of other users. It is quite flexible as all the users are given the privilege of accessing and modifying the data and restriction policies.
Comparison Table
| Parameters of Comparison | Mac | Dac |
|---|---|---|
| Function | It restricts the users based on their power and level in the hierarchy. | It provides access to users based on their identity and not on levels. |
| Definition | MAC expands as mandatory access control. | DAC means discretionary access control. |
| Intensity Level | MAC is not labour-intensive. | DAC is extra labour-intensive comparatively. |
| Legibility | MAC is very strict with rules and restrictions, and it is not flexible. | DAC is not that secure due to its high flexibility. |
| Access Controls | Only admins have the power to modify, remove or provide access to users. | DAC allows other users to provide and modify restrictions and also access to other users. |
What is MAC?
The operating system of the MAC provides access to the users based on their personal data and identities. In order to gain access, the user must submit their information. It is the most secure mode of access control.
The users are not provided with the privilege of editing and accessing other user’s data. It is confidential and secure as the projects and tasks are done with utmost privacy and secret.
The security system identifies the user and his position so that it grants only the required and appropriate access to data.
MAC depends on manual scaling, and this is a demerit as it biomes laborious for the administrator to handle and manage the data.
What is DAC?
This is an identity-based model of access control. The admin or the owner has the privilege of assigning access either to individuals based in their position in the organization or also create groups with users having the same positions and grant them access to different levels of data.
However, the privilege given to all the users to access and edit other user’s data is also a disadvantage as it becomes chaotic, and there is no specific management or person who can take complete charge for all the errors.
Due to these factors, it is not ideal to be employed in organizations that deal with sensitive and personal data. It is the best option for startups and IT organizations with a small number of employees as it is best suited for their purposes and levels of security.
It has extremely good flexibility, scalability, and simplicity. It is not complex to handle, install and manage. It is simple and easy to learn. It is easy to manage, and the installation cost is also less.
Main Differences Between Mac and Dac
- MAC follows and implies rules that are strict, while DAC is quite relaxed comparatively when it comes to restrictions.
- MAC allows only the admin to change power and access levels, while DAC provides every user to modify the power and set access levels for their fellow users.
References
- https://ieeexplore.ieee.org/abstract/document/1632658/
- https://dl.acm.org/doi/abs/10.1145/3134600.3134638
I’ve put so much effort writing this blog post to provide value to you. It’ll be very helpful for me, if you consider sharing it on social media or with your friends/family. SHARING IS ♥️
I am Sandeep Bhandari; I have 20 years of experience in the technology field. I have various technical skills and knowledge in database systems, computer networks, and programming. You can read more about me on my bio page.
