16. Mandatory Access Control (MAC) in the Workplace
In MAC, access is controlled by a central authority based on security labels or classifications. Individual users and data owners cannot change these permissions.
Centralized Policy
Access is enforced across the system according to a fixed policy, not personal choice. It is commonly used where strict control is required.
Separation of Duties
MAC is often used with separation of duties, so users only access information related to their responsibilities. This limits unnecessary exposure and supports tighter security.
Main Idea
MAC gives access based on centrally enforced security rules, not user choice, and limits users to only the information needed for their role.
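The following is an added example, not part of the original notes, showing the two ideas above in code: labels are set only by a central authority, and a read is allowed only when the user's clearance and duty areas both cover the resource. The level names, the user and file names, the "security-office" administrator, and the dominance-style comparison are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):              # constructed classification ladder
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    RESTRICTED = 3

@dataclass(frozen=True)            # a label cannot be edited once issued
class Label:
    level: Level
    duties: frozenset              # duty areas the label covers, e.g. "payroll"

class CentralPolicy:
    """Labels are stored here, not with users or data owners."""
    def __init__(self, admin):
        self._admin = admin
        self._subjects = {}
        self._objects = {}

    def assign(self, actor, kind, name, label):
        # Only the central authority may set or change a label.
        if actor != self._admin:
            raise PermissionError(f"{actor} may not change labels")
        (self._subjects if kind == "subject" else self._objects)[name] = label

    def can_read(self, user, resource):
        s = self._subjects.get(user)
        o = self._objects.get(resource)
        if s is None or o is None:
            return False           # unlabeled subject or object: deny
        # Clearance must meet the classification AND the user's duties
        # must cover every duty area the resource is tagged with.
        return s.level >= o.level and o.duties <= s.duties

def build_demo():
    # Constructed sample policy.
    p = CentralPolicy(admin="security-office")
    p.assign("security-office", "subject", "alice",
             Label(Level.CONFIDENTIAL, frozenset({"payroll"})))
    p.assign("security-office", "subject", "bob",
             Label(Level.RESTRICTED, frozenset({"engineering"})))
    p.assign("security-office", "object", "salaries.xlsx",
             Label(Level.CONFIDENTIAL, frozenset({"payroll"})))
    return p

if __name__ == "__main__":
    policy = build_demo()
    print(policy.can_read("alice", "salaries.xlsx"))
    print(policy.can_read("bob", "salaries.xlsx"))
```

In this sample, bob holds a higher clearance than the file requires but is still denied because payroll is not among his duty areas, and alice cannot relabel the file even though she can read it.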