Discretionary Access control allows the owner of the file to determine who may access the data.
The owner of the file assigns permissions through the use of an ACL (Access Control List).
The ACL is enforced by the operating system, which was determined by the owner of the file.
Nondiscretionary access control is often times referred to as a role-based control method.
This assigns the subject access to an object based on their role, or job description.
The Role-based access control method is very well suited where employee turnover may be high.
A variation of the mandatory access control is the Rule-based access control. As it name implies, rules are set with filters to determine which subjects may access which objects.
Rule-based access control systems often use proxies, firewalls, or routers.
