Difference between Non-discretionary and Role-based Access control?

Question

What's the difference between Non-discretionary access control and Role-based Access Control? In CISSP book both mentioned in the different paragraph as in different entity. But In some other place (Cisco Learning Resource) it is said that,

Non-discretionary access control is also known as RBAC.

So is there any difference between them (if yes then what are they) or they are same?

https://security.stackexchange.com/a/9211/6253 – schroeder Jan 31 '18 at 19:27 — schroeder, Jan 31 '18 at 19:27

score 1 · Answer 1 · answered Jan 31 '18 at 21:25

RBAC can be discretionary access control, with anyone in the role granting it to you, or mandatory access, with only the security officer granting the role upon application from a manager.

The latter is more common, so the book probably just conflated the two.

Difference between Non-discretionary and Role-based Access control?

1 Answers1