Types of Access Control
Discretionary access control systems allow the owner of the information to decide who can read, write, and execute a particular file or service. When users create and modify files in their own home directories, they can do so because they have been granted discretionary access control over the files that they own. On end-user laptops and desktops, discretionary access control systems are prevalent.
Mandatory access control systems do not allow the creator of the information to govern who can access or modify it. Administrators and overseeing authorities pre-determine who can access and modify data, systems, and resources. Mandatory access control systems are commonly used in military installations and financial institutions and, because of the new HIPAA privacy laws, in medical institutions as well.
Role-based access control systems allow end-users to access systems, information, and resources based on their role within the organization. Role-based access can be applied to groups of people or to individuals. For example, you can allow everyone in a group named sysadmin access to privileged resources.
Rule-based access control systems allow users to access systems and information based on pre-determined and configured rules. Rules can be established that allow access to all end-users coming from a particular domain, host, network, or IP address. If an employee changes their role within the organization, their existing authentication credentials remain in effect and do not need to be re-configured. Using rules in conjunction with roles adds greater flexibility because rules can be applied to people as well as devices.
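The combination of roles and rules described above, as an added example that is not part of the original article: a default-deny check in Python in which the role decides what a person may use and a network rule decides which devices may connect. The helpdesk role, the resource names, the user and the address ranges are constructed for illustration.

```python
import ipaddress

# Constructed sample policy: role -> resources that members of the role may use.
ROLE_GRANTS = {
    "sysadmin": {"privileged-console", "wiki"},
    "helpdesk": {"ticket-queue", "wiki"},
}

# Constructed sample rules: resource -> source networks allowed to reach it.
# Rules are evaluated against the connecting device, not the person.
NETWORK_RULES = {
    "privileged-console": [ipaddress.ip_network("10.20.0.0/24")],
    "ticket-queue": [ipaddress.ip_network("10.0.0.0/8")],
    "wiki": [ipaddress.ip_network("10.0.0.0/8")],
}

# Role membership is kept apart from credentials, so a role change
# never requires re-issuing the user's login.
USER_ROLES = {"alice": {"helpdesk"}}


def role_allows(user, resource):
    """True if any role held by the user grants the resource."""
    roles = USER_ROLES.get(user, set())
    return any(resource in ROLE_GRANTS.get(role, set()) for role in roles)


def rule_allows(source_ip, resource):
    """True if the source address falls inside a network allowed for the resource."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # unparseable source address: deny
    return any(addr in net for net in NETWORK_RULES.get(resource, []))


def is_allowed(user, source_ip, resource):
    """Default deny: both the role check and the rule check must pass."""
    return role_allows(user, resource) and rule_allows(source_ip, resource)


def change_role(user, new_roles):
    """Move a user to new roles; credentials are not involved."""
    USER_ROLES[user] = set(new_roles)
```

After `change_role("alice", {"sysadmin"})`, the same user reaches the privileged console only from the 10.20.0.0/24 network, and loses the helpdesk ticket queue.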