Next: Mandatory access control (MAC) Up: Policies Previous: Policies
Under this scheme an entity may be granted access rights that permit the entity, by its own volition, to enable another entity to access some resource. It is usually provided using an Access control matrix.
In such a matrix, one dimension consists of identified subjects that may attempt to access the resources, while the other dimension lists the objects that may be accessed. Each entry in the matrix then consists of a particular access right setting, for a particular subject and object.