LAB 4.5-A Tier 1: In-Browser Obj 4.5 · intermediate · ~20min

Access Control Model Simulator

Apply RBAC (Role-Based Access Control), DAC (Discretionary Access Control), MAC (Mandatory Access Control), and ABAC (Attribute-Based Access Control) to the same access requests in a hospital environment. See how the same request gets different results under different models, and understand why.

What You’ll Practice

  • Determining whether an access request is allowed or denied under RBAC (role-based), DAC (owner-based), MAC (label-based), and ABAC (attribute-based)
  • Understanding the Bell-LaPadula properties: “no read up” (Simple Security) and “no write down” (Star Property)
  • Seeing how ABAC uses environmental context (time, location, device) to make decisions the other models can’t
  • Comparing model tradeoffs: flexibility vs. strictness, user control vs. system enforcement
  • Recognizing which model CompTIA expects for different scenarios

How the Exam Tests This

Objective 4.5 covers access control implementation. CompTIA tests whether you understand the behavioral differences between models, not just definitions. Questions like “Under MAC, can a user with Secret clearance write to a Confidential document?” or “Which model considers time of day and device type?” require applied understanding, not memorized terms.

Scoring

Each access attempt is evaluated under all four models (RBAC, DAC, MAC, ABAC). Per-model accuracy is tracked so you can identify which model you need to study more.

MISSION

The same access request. Four different access control models. Different outcomes.

For each access attempt, you'll decide whether it's allowed or denied under RBAC, DAC, MAC, and ABAC. This builds the intuition CompTIA tests — knowing not just what each model is, but how they behave differently in the same situation.

THE FOUR MODELS

RBAC
Permissions are assigned to roles, users are assigned to roles. Access is determined by your role, not your identity. Most common in enterprise.
DAC
Resource owners control who has access. The creator/owner of a resource decides who can read, write, or execute it. Flexible but prone to over-granting.
MAC
System-enforced labels and clearances. Users have clearance levels, resources have classification labels. The system enforces access rules — no user can override them. Used in military/government.
ABAC
Access decisions based on attributes of the subject, resource, action, AND environment (time, location, device). The most flexible model — the same request can be allowed or denied depending on context. Powers modern cloud IAM.

ENVIRONMENT: CITY GENERAL HOSPITAL

A hospital with strict data handling requirements. Patient records are HIPAA-protected. Staff includes doctors, nurses, administrators, and IT support.
  • Dr. Chen · Physician (Cardiology) · Secret
  • Nurse Patel · Nurse (Cardiology) · Confidential
  • Jones · Admin Staff (Billing) · Unclassified
  • Garcia · IT Support (IT) · Confidential
6 access attempts × 4 models = 24 decisions · ~20 minutes
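
The same request evaluated under all four models, as an added example that is not part of the lab itself. Staff and clearance levels are taken from the page; the role permissions, the record's owner, ACL and label, and the ABAC policy (same department, managed device, on site, 07:00 to 19:00) are assumptions constructed for illustration.

```python
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2}

# Staff, departments and clearances as listed on the lab page.
USERS = {
    "chen":   {"role": "physician", "dept": "Cardiology", "clearance": "Secret"},
    "patel":  {"role": "nurse",     "dept": "Cardiology", "clearance": "Confidential"},
    "jones":  {"role": "admin",     "dept": "Billing",    "clearance": "Unclassified"},
    "garcia": {"role": "it",        "dept": "IT",         "clearance": "Confidential"},
}

# Everything below is constructed for illustration (assumptions, not lab data).
ROLE_PERMS = {
    "physician": {("patient_record", "read"), ("patient_record", "write")},
    "nurse": {("patient_record", "read")},
    "admin": {("billing_record", "read"), ("billing_record", "write")},
    "it": set(),
}
RESOURCE = {"type": "patient_record", "dept": "Cardiology", "label": "Confidential",
            "owner": "chen", "acl": {"patel": {"read", "write"}}}

def rbac(user, action, res):
    return (res["type"], action) in ROLE_PERMS[USERS[user]["role"]]

def dac(user, action, res):
    # The owner always has access and decides what others get via the ACL.
    return user == res["owner"] or action in res["acl"].get(user, set())

def mac(user, action, res):
    subj, obj = LEVELS[USERS[user]["clearance"]], LEVELS[res["label"]]
    if action == "read":
        return subj >= obj   # Simple Security: no read up
    if action == "write":
        return subj <= obj   # Star Property: no write down
    return False

def abac(user, action, res, env):
    # Hypothetical policy: subject and resource share a department, plus context.
    u = USERS[user]
    return (u["dept"] == res["dept"] and env["device"] == "managed"
            and env["location"] == "on_site" and 7 <= env["hour"] < 19)

def evaluate(user, action, res, env):
    return {"RBAC": rbac(user, action, res), "DAC": dac(user, action, res),
            "MAC": mac(user, action, res), "ABAC": abac(user, action, res, env)}

if __name__ == "__main__":
    day = {"hour": 10, "location": "on_site", "device": "managed"}
    for user, action in [("chen", "write"), ("patel", "write"), ("garcia", "read")]:
        print(user, action, evaluate(user, action, RESOURCE, day))
```

Dr. Chen's write is denied only by MAC (a Secret subject writing to a Confidential object is a write down), while Nurse Patel's write is denied only by RBAC because the owner's ACL grant in DAC exceeds what her role allows.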