Default Authorisation
Default Negative Everything forbidden unless explicitly authorised
- Default Positive Anything permitted unless explicitly forbidden
Notes:
Can sometimes change -ve authorisation to +ve authorisation by changing the constraint
Default negative is generally recommended - particularly for networked environments
Default positive or permissive can be used in closed trusted environments - home computers