Mandatory access control (MAC)
Mandatory access control is a method of limiting access to resources based on the sensitivity of the information that the resource contains and the authorization of the user to access information with that level of sensitivity.
You define the sensitivity of the resource by means of a security
label. The security label is composed of a security level and zero
or more security categories. The security level indicates a level
or hierarchical classification of the information (for example, Restricted
, Confidential
,
or Internal
). The security category defines the category
or group to which the information belongs (such as Project A or Project
B). Users can access only the information in a resource to which their
security labels entitle them. If the user's security label does
not have enough authority, the user cannot access the information
in the resource.