Carly has been asked to set up access control for a server. The requirements state that users at a lower privilege level should not be able to see or access files or data at a higher privilege level. What access control model would BEST fit these requirements?

In the MAC model, access control decisions are based on the security labels assigned to both users and resources. Each user and resource is assigned a security label that defines their level of sensitivity or classification. Access is granted or denied based on a set of predefined rules that compare the security labels of the user and the resource.
With MAC, the system enforces strict access controls, ensuring that users with lower privilege levels cannot access files or data with higher privilege levels. This model is commonly used in environments where data confidentiality and integrity are crucial, such as government or military systems.
Discretionary Access Control (DAC) allows users to control access to their own resources, and Role-Based Access Control (RBAC) assigns permissions based on predefined roles. While these models have their own advantages, they may not provide the necessary level of strict control to prevent lower-level users from accessing higher-level resources.
SAML (Security Assertion Markup Language) is a protocol for exchanging authentication and authorization data between parties. It is not an access control model itself but rather a framework for identity and access management. SAML enables single sign-on and federated authentication, but it does not specifically address the requirement of restricting access based on privilege levels.