2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet587/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   583   584   585   586   587   588   589   590   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Access Control Matrix
An
access control matrix
is a table that includes subjects, objects, 
and assigned privileges. When a subject attempts an action, the system checks the access 
control matrix to determine if the subject has the appropriate privileges to perform the 
action. For example, an access control matrix can include a group of fi les as the objects and 
a group of users as the subjects. It will show the exact permissions authorized by each user 
for each fi le. Note that this covers much more than a single
access control list
(ACL). In 
this example, each fi le listed within the matrix has a separate ACL that lists the authorized 
users and their assigned permissions. 
Capability Tables
Capability tables
are another way to identify privileges assigned to sub-
jects. They are different from ACLs in that a capability table is focused on subjects (such as 
users, groups, or roles). For example, a capability table created for the accounting role will 
include a list of all objects that the accounting role can access and will include the specifi c 
privileges assigned to the accounting role for these objects. In contrast, ACLs are focused 
on objects. An ACL for a fi le would list all the users and/or groups that are authorized 
access to the fi le and the specifi c access granted to each. 
The difference between an ACL and a capability table is the focus. ACLs 
are object focused and identify access granted to subjects for any specific 
object. Capability tables are subject focused and identify the objects that 
subjects can access.
Constrained Interface
Applications use
constrained interfaces
or restricted interfaces to 
restrict what users can do or see based on their privileges. Users with full privileges have 

626
Chapter 14 

Controlling and Monitoring Access
access to all the capabilities of the application. Users with restricted privileges have limited 
access. Applications constrain the interface using different methods. A common method is 
to hide the capability if the user doesn’t have permissions to use it. For example, commands 
might be available to administrators via a menu or by right-clicking an item, but if a regu-
lar user doesn’t have permissions, the command does not appear. Other times, the applica-
tion displays the menu item but shows it dimmed or disabled. A regular user can see the 
menu item but will not be able to use it.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   583   584   585   586   587   588   589   590   ...   881



Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling
kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha

yuklab olish