Which statement best describes the four main access control models: DAC, MAC, RBAC, and ABAC?

Prepare for the DSAC Annex F Test with comprehensive flashcards and multiple choice questions. Access hints and explanations for each question to ensure you’re ready for your exam!

Multiple Choice

Explanation:
ABAC bases access decisions on attributes of the user, the resource, and the environment, evaluated through policies that combine these attributes. This attribute-driven approach lets decisions be context-aware and highly granular, using factors like user identity, role, time, location, and resource sensitivity to determine whether access is allowed. The other models work differently: Discretionary access control ties permissions to the resource owner’s discretion, often via ACLs; Mandatory access control enforces fixed system-wide classifications and rules; Role-based access control grants permissions to roles and assigns users to those roles. Because ABAC centers on attributes driving decisions, it best describes how access decisions are made in this model.
