Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object's owner group and/or subjects. DAC controls are tied to user identification, established with credentials supplied during authentication, such as a username and password. DAC is discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.
In DAC, each system object (file or data object) has an owner, and each initial object owner is the subject that causes its creation. Thus, an object's access policy is determined by its owner. A typical example of DAC is the Unix file mode, which defines read, write and execute permissions as three bits for each of user, group and others. DAC attributes include:
DAC is easy to implement and intuitive but has certain disadvantages, including:
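Returning to the Unix file mode mentioned above, the following added example (not part of the original page) decodes the three permission triplets and shows the owner changing a file's policy with `chmod`. The function names and the choice of which grants to report in `broad_grants` are assumptions of this example.

```python
import os
import stat
import tempfile

# The three permission triplets: (read, write, execute) bit for each class.
CLASSES = {
    "user": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "others": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def decode_mode(mode):
    """Split the nine permission bits into one 'rwx' string per class."""
    return {
        name: "".join(c if mode & bit else "-" for c, bit in zip("rwx", bits))
        for name, bits in CLASSES.items()
    }


def broad_grants(mode):
    """List grants beyond the owner that a reviewer may want to question
    (which grants count as 'broad' is this example's assumption)."""
    checks = ((stat.S_IWOTH, "others can write"),
              (stat.S_IWGRP, "group can write"),
              (stat.S_IROTH, "others can read"))
    return [label for bit, label in checks if mode & bit]


def owner_changes_policy(new_mode):
    """Create a file as the current user, then chmod it as its owner."""
    fd, path = tempfile.mkstemp()  # created with mode 0o600, owned by the caller
    os.close(fd)
    try:
        before = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, new_mode)  # permitted because the caller owns the file
        after = stat.S_IMODE(os.stat(path).st_mode)
        return before, after
    finally:
        os.remove(path)


if __name__ == "__main__":
    before, after = owner_changes_policy(0o664)
    for mode in (before, after):
        print(oct(mode), decode_mode(mode), broad_grants(mode))
```

No administrator or central policy is consulted when the mode changes; the owner's `chmod` call alone widens access, which is the discretionary property described above.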