What are the Different Types of Access Control?

31/03/2020 in Security

Access control systems are one of the most effective modern security measures that construction site managers can take to safeguard their sites from those who are not authorised to be there, helping to reduce crime, manage and monitor the flow of people, and improve health and safety standards.

In the past, simply locking up a construction site out-of-hours was the norm; however, with the introduction of new, smart technology, many businesses want more from their security.

Here, we discuss the four core models of access control system that exist and the pros and cons of each.

Discretionary Access Control (DAC)

This is the most flexible type of access control model, as it gives the site owner or manager complete control over the people who can gain access to specific areas of the site or premises. Using a DAC system, every entry point will have its own Access Control List, which notes the individual or groups of workers, suppliers or other types of visitor who will be able to enter.

A DAC system is generally straightforward to use, running on standard computer operating systems, such as Windows, thus making it easy to control and configure for most administrators. Permissions can be modified quickly as they see fit, enabling them to choose who can enter and from which access point.

One drawback of such an access system is that administrators may have too much authority, which means that they could, hypothetically, pass on access to the wrong type of person, putting assets and site workers at risk. Moreover, this system may be more vulnerable to malware than other types of access control system.

Mandatory Access Control (MAC)

A MAC system is the strictest of all types of access control, which makes it perfect for Governmental organisations and other high-security premises. These systems operate so that rigid restrictions are placed on all entry points, such as gates or doors, based on the settings that the administrator or manager creates. This means that staff and other people entering the site are given no control over access permissions, being able to only enter and exit at the points that are assigned to them by the people in charge, according to their specific classification.

If the person in control of the system wants to issue a different level of access to a person, they must, in general, create an entire new profile and classification for that person, as previous permissions cannot be over-ridden easily.

Due to the stringent nature of this type of access control, MAC would probably not be necessary within the majority of construction sites.

Role-Based Access Control (RBAC)

RBAC is perhaps the most widely used type of access control. Here, access permissions can be granted to people based on their role within the organisation or construction site. For instance, if a person is classified as a “construction project manager”, they will automatically be granted the access permissions given to those with that job title. This might mean they can access all areas of the site or just specific zones – it all depends on the permissions given to them based on their role.

This type of access control model is beneficial for many businesses, as it is easy to set-up and is very user-friendly. The manager or administrator of the site simply specifies the predefined roles and the access they’d like to permit to each role.

However, problems may occur when staff need to access areas they are not permitted to, perhaps in emergencies or one-off situations, in which case, only the person in control of the system has the ability to edit permissions, which may not always be possible depending on the way the system is configured.

Rule-Based Access Control

Not to be confused with the above, rule-based systems grant permissions based on particular rules or restrictions. For example, if you only wish for staff to enter the site at certain times of the day or on certain days of the week, then a rule-based system would be useful.

Similarly, rule-based systems can restrict access to users that are not in the right location or those who are not using the correct device to enter. For extra security, with rule-based systems, permissions may also be denied based on the number of past attempts performed to attempt to gain access.

This model is best for organisations where accountability is essential and where site owners need to control the times and areas that staff can enter. It is also more flexible than the other types, allowing administrators to modify permissions and rules according to the ever-changing nature of a construction project, which is highly beneficial.