In which access control model are access decisions entirely up to the owner of the resource?

Prepare for the CAHIMS Exam with our comprehensive study tools. Quiz yourself with flashcards and multiple-choice questions, complete with hints and explanations. Get confident and ready for your exam success!

Multiple Choice

In which access control model are access decisions entirely up to the owner of the resource?

Explanation:
Discretionary access control is driven by the resource owner. In this model, the person who creates or owns an object—like a file or record—decides who can access it and what they can do with it (read, write, delete, etc.). The owner can grant permissions to other users or groups and can usually revoke or modify those permissions as they see fit. This setup is typically implemented with access control lists or capability lists attached to the resource, reflecting the owner’s choices about access.

This contrasts with other approaches. In a mandatory access control system, access decisions come from a centralized policy based on security labels and cannot be altered by individual owners. In role-based access control, permissions are tied to job roles rather than to ownership, so access is determined by what a person’s role allows rather than who owns the resource. The term privileges describes rights or permissions in general, not a distinct access control model.

An example helps: you create a document and grant a colleague read access. You can later add or remove that colleague from the access list. That clearly shows the owner controlling who has access and what they can do.
