# Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC)

| Feature                | DAC                                                  | MAC                                                | RBAC                                                 | ABAC                                                       |
|------------------------|------------------------------------------------------|----------------------------------------------------|------------------------------------------------------|------------------------------------------------------------|
| Access Control Basis   | Based on identity of the requester and the discretion of the owner | Based on classifications and security clearances | Based on roles within an organization                | Based on attributes (user, resource, environment)          |
| Access Decision        | Owners of the resource decide who can access it      | System-enforced, not changeable by users           | Access based on roles and their permissions          | Decisions based on a set of policies involving attributes  |
| Flexibility            | Highly flexible with individualized control          | Less flexible, focuses on classification levels    | Moderately flexible, easy to manage                  | Highly flexible and granular                               |
| Complexity             | Can become complex with many users and permissions   | High, due to strict policy enforcement             | Medium, depends on roles and permissions setup       | High, due to complex policy definitions                    |