In Mandatory Access Control (MAC) systems, the concept is centered around a centralized enforcement of security policy, where users and data resources are classified and access permissions are controlled by a set of fixed security attributes. It's a label-based system, which means the access decision doesn't rely on the discretion of the resource owner, but rather on the security labels and clearances. This is in contrast to Discretionary Access Control (DAC) systems, where resource owners indeed have the discretion to grant or restrict access to the resources they manage.