Which access control model gives the owner discretion to grant or revoke access to resources?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the CAHIMS Exam with interactive flashcards and multiple choice questions. Each question offers hints and detailed explanations. Ensure your success in healthcare IT by studying effectively!

Multiple Choice

Which access control model gives the owner discretion to grant or revoke access to resources?

Explanation:
Discretionary Access Control gives the owner the authority to decide who can access a resource and what they can do with it. In this model, the resource owner can set and modify permissions, typically using an access control list or similar mechanism attached to the resource, and can grant or revoke rights for each user as they see fit. This places control in the hands of the owner, rather than a centralized policy. This differs from mandatory access control, where access decisions are governed by system-wide rules and labels and owners cannot unilaterally alter permissions. It also differs from role-based access control, which assigns rights to roles and then assigns users to those roles, rather than giving each owner individual discretion. And least privilege is a guiding principle about giving the minimum rights needed, not a model of who controls permissions.

Discretionary Access Control gives the owner the authority to decide who can access a resource and what they can do with it. In this model, the resource owner can set and modify permissions, typically using an access control list or similar mechanism attached to the resource, and can grant or revoke rights for each user as they see fit. This places control in the hands of the owner, rather than a centralized policy.

This differs from mandatory access control, where access decisions are governed by system-wide rules and labels and owners cannot unilaterally alter permissions. It also differs from role-based access control, which assigns rights to roles and then assigns users to those roles, rather than giving each owner individual discretion. And least privilege is a guiding principle about giving the minimum rights needed, not a model of who controls permissions.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy