Based on system-wide policies that cannot be changed by individual users.
DBMSs use MAC to determine whether a given user can read or write a given object based on certain rules that involve the security level of the object and the clearance of the user.
Main concepts in MAC
Objects – Database objects such as relations, views, tuples, and attributes.
Subjects – Users and programs.
Security class – A security level assigned to each database object.
Clearance – A permission level to access security classes.
Rules – Imposed on reading and writing of database objects by users.
Ensures that sensitive data can never be passed on to another user without the necessary clearance.
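The concepts above, as an added example that is not part of the original notes. The notes do not name the rule set, so this sketch assumes the Bell-LaPadula rules (read at or below your clearance, write at or above it) and a four-level ordering TS > S > C > U; all names and data are constructed.

```python
from dataclasses import dataclass

# Assumed ordering of security classes, lowest to highest.
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

@dataclass(frozen=True)
class Subject:            # a user or program
    name: str
    clearance: str

@dataclass
class DbObject:           # a relation, view, tuple, or attribute
    name: str
    security_class: str
    value: str = ""

def can_read(subject, obj):
    """Assumed read rule: clearance must dominate the object's class."""
    return LEVELS[subject.clearance] >= LEVELS[obj.security_class]

def can_write(subject, obj):
    """Assumed write rule: the object's class must dominate the clearance."""
    return LEVELS[subject.clearance] <= LEVELS[obj.security_class]

def copy_value(subject, src, dst):
    """Try to pass data from src to dst on behalf of subject."""
    if not can_read(subject, src):
        return f"DENY read {src.name}"
    if not can_write(subject, dst):
        return f"DENY write {dst.name}"
    dst.value = src.value
    return "OK"

def demo():
    # Constructed subjects and objects.
    alice, bob = Subject("alice", "S"), Subject("bob", "C")
    salaries = DbObject("salaries", "S", "42000")
    notes = DbObject("notes", "C")
    archive = DbObject("archive", "TS")
    return [
        copy_value(bob, salaries, notes),      # bob may not read above his clearance
        copy_value(alice, salaries, notes),    # alice may not write down to bob's level
        copy_value(alice, salaries, archive),  # upward flow is permitted
        notes.value == "",                     # nothing reached the object bob can read
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second call is the case the last line of the notes describes: alice is cleared to read the data, but the write rule stops her from placing it where bob could read it.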