3 Types of Access Control – Pros & Cons

Access control system illustration

Are you planning to implement access control at your home or office? If yes, have a look at the types of access control systems available in the market and how they differ from each other with their advantages and disadvantages. 

Types of access control system

  1. Discretionary Access Control (DAC)
  2. Mandatory Access Control (MAC)
  3. Role-Based Access Control (RBAC)  

Discretionary Access Control (DAC)

Discretionary Access Control is a type of access control system where an IT administrator or business owner decides on the access rights for a person for certain locations physically or digitally. 

DAC is less secure compared to other systems, as it gives complete control to the end-user over any object they own and programs associated with it.  

When it comes to security, Discretionary Access Control gives the end-user complete control to set security level settings for other users and the permissions given to the end-users are inherited into other programs they use which could potentially lead to malware being executed without the end-user being aware of it.


  • Users may transfer object ownership to another user(s).
  • Users may determine the access type of other users.
  • After several attempts, authorization failures restrict user access.


  • Inherent vulnerabilities (Trojan horse)
  • ACL maintenance or capability
  • Limited negative authorization power

Mandatory Access Control (MAC)

Mandatory access control (MAC) is a network-based access control where settings, policy and passwords are established and stored in one secure network and limited to system administrators. This access control is managed from a central computer where an administrator can grant or revoke access from any individual at any time and location. It should be noted that access control technologies are shying away from network-based systems due to limited flexibility. 

Mandatory access has a set of security policies constrained to system classification, configuration and authentication. It defines and ensures centralized enforcement of confidential security policy parameters. 


  • MAC is more secure as only a system administrator can control the access
  • Reduce security errors


  • MAC policy decisions are based on network configuration

Role-Based Access Control (RBAC)

As the name suggests, a role-based access control system is when an administrator doesn’t have to allocate rights to an individual but gets auto-assigned based on the job role of that individual in the organisation. So, it’s clear. The administrator has less to do with policymaking.

Role-based access control is high in demand among enterprises. This is because an administrator doesn’t have to give multiple individuals particular access; the system administrator only has to assign access to specific job titles.


  • Centralized and comprehensive
  • Less hands-on and thus overhead for administrators


  • Less customizable


There is a lot to consider in making a decision about access technologies for any building’s security. Knowing the types of access control available is the first step to creating a healthier, more secure environment. Doing your homework, exploring your options, and talking to different providers is necessary before installing an access control system or apartment intercom system at your home or office.