Setting Up Level-Based Access Control Method

The level-based access control method grants permissions by platform means and is based on assigning a criticality label to system objects and subjects. The method is similar to the mandatory access control method.

NOTE. The security level-based access control method can be used together with the discretionary access control method.

If the security level-based access control method is used, all system objects and subjects are assigned a security level. All security levels have different criticality labels. The lower the value of a level's criticality label, the higher the security of that level.

To use the level-based access control method:

  1. Select the Use Security Levels checkbox on the Access Control tab of the policies editor.

  2. Create user accounts and groups of users.

  3. Add security levels.

  4. Set security levels for subjects and objects.

Access Control Mechanisms

Level-based control determines whether objects can be read and edited; it does not determine permissions to delete objects. In this context, editing objects means changing their contents or access permissions.

A subject can read an object and write to it if the user's criticality label is lower than or equal to the object's criticality label.

The level with the criticality label 0 is a special case: it means that the user is denied reading and writing information. A user with this level has no access to any repository object. If this level is assigned to an object, no user can access it.

Example

Suppose there are several security levels:

0. Access denied.

1. Restricted access.

2. Limited access.

3. Public access (general use).

There are three users with the following security levels:

User1. Restricted access (1).

User2. Limited access (2).

User3. Public access (3).

There are three objects with the following security levels:

a. Restricted access (1).

b. Limited access (2).

c. Public access (3).

Therefore, the structure of the system can be shown as the following chart:

Chart rings are objects, chart sectors are users.
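
The access rule from Access Control Mechanisms, applied to the users and objects of this example, as an added illustration in Python (not code from the platform). The names check_access, access_matrix and Decision are hypothetical, as are User0 and object z, which are added to show the special label 0.

```python
from enum import Enum

DENIED = 0  # special label from the page: no read or write access at all


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    NOT_GOVERNED = "not determined by level-based control"


def check_access(subject_label: int, object_label: int, operation: str) -> Decision:
    """Evaluate the level-based rule for one subject/object pair."""
    if operation == "delete":
        # Delete permissions are not determined by this method.
        return Decision.NOT_GOVERNED
    if operation not in ("read", "write"):
        raise ValueError(f"unknown operation: {operation}")
    # Label 0 must be tested first: numerically 0 <= N, so the plain
    # comparison below would give a label-0 user access to every object.
    if subject_label == DENIED or object_label == DENIED:
        return Decision.DENY
    if subject_label <= object_label:
        return Decision.ALLOW
    return Decision.DENY


def access_matrix(users: dict, objects: dict, operation: str = "read") -> dict:
    """Map each user to the sorted list of objects the operation is allowed on."""
    return {
        user: sorted(
            name for name, obj_label in objects.items()
            if check_access(user_label, obj_label, operation) is Decision.ALLOW
        )
        for user, user_label in users.items()
    }


# User1..User3 and objects a..c come from the example above; User0 and
# object "z" are constructed additions carrying the special label 0.
USERS = {"User0": 0, "User1": 1, "User2": 2, "User3": 3}
OBJECTS = {"z": 0, "a": 1, "b": 2, "c": 3}

if __name__ == "__main__":
    for user, allowed in access_matrix(USERS, OBJECTS).items():
        print(f"{user}: {', '.join(allowed) or 'no access'}")
```

Because read and write follow the same rule, the matrix is identical for both operations.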

See also:

Selecting Access Control Methods and Their Setup | Adding Security Levels