MAC, DAC, and RBAC are the access control models on the SY0-701 exam. They differ in who decides access and how rigid that decision is. The exam loves to give a scenario and ask which model it describes.
Last updated June 2026
| Aspect | MAC | DAC | RBAC |
|---|---|---|---|
| Full name | Mandatory Access Control | Discretionary Access Control | Role-Based Access Control |
| Who sets access | The system, centrally, by policy | The data owner, at their discretion | An administrator, by job role |
| Based on | Security labels and clearance levels | Owner choices, via ACLs | The role or job function of the user |
| Flexibility | Rigid, very strict | Flexible, user controlled | Structured, scales with the org |
| Typical use | Military, government, high-security systems | Most commercial operating systems | Enterprises and large organizations |
| Example | A Top Secret file is readable only with Top Secret clearance | A user shares a file they own with a colleague | A Nurse role grants access to patient records |
MAC is enforced by the system with labels and clearances (most rigid), DAC lets the owner decide (most flexible), and RBAC assigns access by job role (scales best). The exam also references ABAC (attribute-based) and rule-based access control.
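The three decisions from the table, sketched as an added Python example that is not part of the original page. The MAC check is simplified to a read-only level comparison, and the user names, resources, clearance ladder and role map are constructed for illustration.

```python
# Added example: who decides access under MAC, DAC and RBAC.
# All names and sample data below are constructed for illustration.
from dataclasses import dataclass, field

LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass
class Resource:
    name: str
    owner: str
    label: str = "Unclassified"              # MAC: set centrally by policy
    acl: set = field(default_factory=set)    # DAC: edited by the owner

def mac_can_read(clearance: str, res: Resource) -> bool:
    """MAC: the system compares clearance to the label; the owner has no say."""
    return LEVELS[clearance] >= LEVELS[res.label]

def dac_share(actor: str, res: Resource, grantee: str) -> bool:
    """DAC: only the owner may extend the ACL, at their own discretion."""
    if actor != res.owner:
        return False
    res.acl.add(grantee)
    return True

def dac_can_read(user: str, res: Resource) -> bool:
    return user == res.owner or user in res.acl

# RBAC: an administrator maps roles to permissions and users to roles.
ROLE_PERMS = {"Nurse": {"patient_records:read"}, "Billing": {"invoices:read"}}
USER_ROLES = {"alice": {"Nurse"}, "bob": {"Billing"}}

def rbac_allowed(user: str, permission: str) -> bool:
    """RBAC: access follows from role membership, not from per-user grants."""
    return any(permission in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, set()))

if __name__ == "__main__":
    plan = Resource("ops_plan", owner="carol", label="Top Secret")
    dac_share("carol", plan, "dave")   # owner's wish is irrelevant under MAC
    print("MAC, Secret clearance:    ", mac_can_read("Secret", plan))
    print("MAC, Top Secret clearance:", mac_can_read("Top Secret", plan))
    memo = Resource("memo", owner="carol")
    print("DAC before owner shares:  ", dac_can_read("dave", memo))
    dac_share("carol", memo, "dave")
    print("DAC after owner shares:   ", dac_can_read("dave", memo))
    print("RBAC, Nurse role:         ", rbac_allowed("alice", "patient_records:read"))
    print("RBAC, Billing role:       ", rbac_allowed("bob", "patient_records:read"))
```

Note that the owner's share call changes the DAC outcome but has no effect on the MAC decision, which is the distinction exam scenarios usually turn on.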
Written to the CompTIA Security+ SY0-701 objectives. CompTIA and Security+ are trademarks of CompTIA, used here for identification only.