Which model enables access decisions based on both system-wide and context-sensitive attributes?

The model that enables access decisions based on both system-wide and context-sensitive attributes is Attribute-Based Access Control (ABAC). ABAC offers a flexible access control mechanism that evaluates attributes associated with entities (users, resources, and environment) to determine access rights. This model allows organizations to create complex and contextually relevant policies, incorporating various factors such as time of access, location, and the state of the system, alongside user and resource attributes.

For instance, ABAC can dictate that a user is granted access to a resource only under specific conditions, such as if they are logged in during business hours and from a secure network. This granularity and adaptability make ABAC particularly suited for dynamic environments where access needs may change frequently, providing a significant advantage over more static models like role-based or mandatory access controls.

In contrast, role-based access control (RBAC) primarily relies on user roles to define access privileges without considering the broader context or varying conditions, while discretionary access control (DAC) allows resource owners to make individual access decisions without a complex attribute framework. Mandatory access control (MAC), on the other hand, enforces access policies determined by a central authority based on system-wide classifications, limiting its reactive capabilities to changing conditions or context.