Alfresco is primarily designed around role-based access control (RBAC) using users, groups, and permissions. It doesn't provide a native mandatory access control (MAC) model in the same way that operating systems or high-security government platforms do. While you can achieve more granular restrictions through custom permission models, security classifications, policies, and integrations with external identity or security systems, implementing true MAC generally requires additional customisation or complementary security controls.If your organisation has strict regulatory or classified data requirements, it's important to evaluate whether the ECM platform supports your required security model, audit capabilities, encryption, and compliance standards before implementation. A thorough enterprise content management consulting assessment can help determine whether Alfresco, SharePoint, or another ECM platform is the best fit for your security, governance, and document management requirements.