Access control systems is categorized into three variations: discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC). discretionary 
 
  
access control (DAC) is designated to hold leaders of organization accountable of why individual should be allowed access to secured control locations. DAC is the least restrictive unit compared to the other systems that often allow individual or group of individuals complete access to organization network data center. The downside of discretionary access control is allowing authorized users opportunity to upgrade access level, privileges and permissions even to nonmembers of the organization; mandatory access control (MAC) and mandatory access control is utilized in organizations that require an elevated emphasis on the confidentiality, sorting and identification of vital data. Unlike DAC, MAC have an established mechanism to control authorized and unauthorized users’ access to secured data center. Role-Based Access Control (RBAC) appears somewhat challenging and demanding but susceptible in most facet of access control systems. 
Per Fennelly, (2017:256), effective access control system is designated to prevent espionage devices, dangerous materials, assets, records, vital data, and intellectual properties out of the organization facility. Furthermore, access control systems and identification badges often reinforce the recognition of employee activities including Identification (ID) cards, badge exchange, escort of temporary consultant and visitors in and out of the facility. 

1. You have been retained as a Lead Information Technology (IT) Director in University  registrar unit. Student and personnel records are especially important to the institution. Recognizing three essential components of access control systems and identification badges, which of these components; discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC) will you implement to support the institution registrar unit. 
2. Professional inquiry: which of these three types of can be used to protect and defend access rights to the records, data information of students and personnel embedded in the university registrar unit?  Role-based access control

 
Discretionary access control

 
Mandatory access control

 
Relational access control

3. Provide comprehensive narrative on how your plan of action will postulate offensive and defensive measures for the university registrar unit.