Which access control type would incorporate mandatory restrictions based on clearance levels?

Lattice-Based Access Control is designed to implement mandatory access controls that enforce restrictions based on a user's clearance level and the classification of the information they are attempting to access. This model creates a lattice structure where users and data objects are assigned security levels, allowing access based on both the user's clearance and the sensitivity of the data. By defining "read" and "write" access levels between different tiers, only users with appropriate clearance can access specific data, thus maintaining strict adherence to security policies and ensuring that sensitive information is protected from unauthorized disclosure.

In contrast, other access control types operate under different principles; for instance, Discretionary Access Control allows resource owners to make decisions about who can access their resources, which does not inherently enforce mandatory restrictions. Role-Based Access Control assigns access rights based on the roles of users within an organization but does not inherently require a clearance-based framework. Lastly, Rule-Based Access Control uses predefined rules to determine access but lacks the structured clearance level hierarchy that defines Lattice-Based Access Control. This makes it particularly suited for environments where security clearance is essential for safeguarding sensitive information.