What does Mandatory Access Control (MAC) primarily restrict?

Mandatory Access Control (MAC) primarily restricts access to data based on security levels. In a MAC environment, the operating system enforces access policies that are determined by the system's security configuration rather than user discretion. This means that access permissions to files, directories, and other resources are strictly defined by the security labels assigned to both users and the data they are trying to access.

This system is often used in environments where high security is required, such as government or military facilities. Users cannot change permissions; they can only access data according to the security classifications assigned, such as confidential, secret, or top secret. This ensures a higher level of data protection by limiting access to only those with the appropriate clearance level, thereby preventing unauthorized access and reducing the risk of data leaks or breaches.

Consequently, while the other choices may involve aspects of system management or access control, they do not encapsulate the fundamental nature of Mandatory Access Control, which hinges on a strict policy governing who can access what information based on established security levels.