1 vote
How are permissions defined in the Mandatory Access Control model?

A. Access control lists
B. User roles
C. Defined by the user
D. Predefined access privileges

1 Answer

7 votes

Final answer:

In the Mandatory Access Control (MAC) model, predefined access privileges are designated by a central authority based on security policies. Users and objects are given clearance levels and classification labels. The permissions are not defined by individual users or roles, but are systematically enforced to comply with strict security policies.

Step-by-step explanation:

In the Mandatory Access Control (MAC) model, permissions are not defined by individual users or based on roles. Instead, predefined access privileges are assigned to all users and objects by a central authority. This central authority determines the level of access based on security policies and classifications. Within the MAC model, every object, such as files and directories, has a classification label, and every user has a clearance level. To access an object, a user's clearance level must meet or exceed the object's classification. This ensures a stricter and more secure environment as compared to Discretionary Access Control (DAC) models, where users have control over the permissions of the objects they own.

In practice, MAC systems might use Access Control Lists (ACLs) or security labels that include classification levels to enforce security policies. However, it's critical to understand that in the context of MAC, these attributes are predefined by the central authority and not by individual users or based on their roles, unlike other models such as Role-Based Access Control (RBAC).

by User Jordi Llull (7.8k points)
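
The clearance-versus-classification rule described in the answer above, as an added Python example that is not part of the original answer: a small reference monitor in which only a central authority can assign labels, so even the user who created an object cannot relabel it the way an owner could under DAC. The level names, user names, `security_officer` and `plan.doc` are constructed assumptions.

```python
from enum import IntEnum

class Level(IntEnum):
    # Constructed example hierarchy (assumption); a real policy defines its own.
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class MacPolicy:
    """Reference monitor: labels are set only by the central authority."""
    def __init__(self, authority):
        self._authority = authority
        self._clearance = {}       # user -> Level
        self._classification = {}  # object -> Level

    def _require_authority(self, actor):
        if actor != self._authority:
            raise PermissionError(f"{actor} may not change security labels")

    def set_clearance(self, actor, user, level):
        self._require_authority(actor)
        self._clearance[user] = Level(level)

    def set_classification(self, actor, obj, level):
        self._require_authority(actor)
        self._classification[obj] = Level(level)

    def can_access(self, user, obj):
        # Default deny: an unlabeled user or object gets no access.
        if user not in self._clearance or obj not in self._classification:
            return False
        # Clearance must meet or exceed the object's classification.
        return self._clearance[user] >= self._classification[obj]

def demo():
    # Constructed users and object (assumptions, not from the page).
    policy = MacPolicy(authority="security_officer")
    policy.set_clearance("security_officer", "alice", Level.SECRET)
    policy.set_clearance("security_officer", "bob", Level.CONFIDENTIAL)
    policy.set_classification("security_officer", "plan.doc", Level.SECRET)
    results = {u: policy.can_access(u, "plan.doc") for u in ("alice", "bob", "carol")}
    # Alice wrote plan.doc, but under MAC she cannot lower its label for Bob.
    try:
        policy.set_classification("alice", "plan.doc", Level.CONFIDENTIAL)
        results["owner_relabel"] = True
    except PermissionError:
        results["owner_relabel"] = False
    results["bob_after"] = policy.can_access("bob", "plan.doc")
    return results
```

Calling `demo()` returns the access decision for each user plus the outcome of the owner's relabel attempt.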