Discretionary Access Control

Why Trust Techopedia

What Does Discretionary Access Control Mean?

Discretionary access control (DAC) is a type of security access control that grants or restricts object access via an access policy determined by an object’s owner group and/or subjects. DAC mechanism controls are defined by user identification with supplied credentials during authentication, such as username and password. DACs are discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.


Techopedia Explains Discretionary Access Control

In DAC, each system object (file or data object) has an owner, and each initial object owner is the subject that causes its creation. Thus, an object’s access policy is determined by its owner.

A typical example of DAC is Unix file mode, which defines the read, write and execute permissions in each of the three bits for each user, group and others.

DAC attributes include:

  • User may transfer object ownership to another user(s).
  • User may determine the access type of other users.
  • After several attempts, authorization failures restrict user access.
  • Unauthorized users are blind to object characteristics, such as file size, file name and directory path.
  • Object access is determined during access control list (ACL) authorization and based on user identification and/or group membership.

DAC is easy to implement and intuitive but has certain disadvantages, including:

  • Inherent vulnerabilities (Trojan horse)
  • ACL maintenance or capability
  • Grant and revoke permissions maintenance
  • Limited negative authorization power

Related Terms

Margaret Rouse
Technology Expert
Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.