Discretionary Access Control

What Does Discretionary Access Control Mean?

Discretionary access control (DAC) is a type of security access control that grants or restricts access to an object through an access policy determined by an object’s owner group and/or subjects. DAC controls rely on user identification: the user supplies credentials, such as a username and password, during authentication. DAC is discretionary because the subject (owner) can pass access to authenticated objects or information on to other users. In other words, the owner determines object access privileges.

Techopedia Explains Discretionary Access Control

In DAC, each system object (file or data object) has an owner, and each initial object owner is the subject that causes its creation. Thus, an object’s access policy is determined by its owner.

A typical example of DAC is the Unix file mode, which encodes read, write and execute permissions as three bits for each of three classes: user (owner), group and others.
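The mode-bit check described above, as an added example that is not part of the original page. It is a simplified model: the `FileObject` class, the function names and the uid/gid values are hypothetical, and the superuser override, POSIX ACLs and the setuid/setgid/sticky bits are left out.

```python
import stat
from dataclasses import dataclass

PERM_BITS = {"r": 4, "w": 2, "x": 1}

@dataclass
class FileObject:          # hypothetical stand-in for an inode
    owner_uid: int
    group_gid: int
    mode: int              # nine permission bits, e.g. 0o640

def dac_allows(obj, uid, gids, want):
    """Return True if the mode bits grant every access in `want` ("r", "rw", ...)."""
    # Exactly one class is consulted: owner first, then group, then others.
    # An owner with no owner bits is denied even if "others" would be allowed.
    if uid == obj.owner_uid:
        shift = 6
    elif obj.group_gid in gids:
        shift = 3
    else:
        shift = 0
    granted = (obj.mode >> shift) & 0o7
    needed = 0
    for c in want:
        needed |= PERM_BITS[c]
    return granted & needed == needed

def owner_chmod(obj, caller_uid, new_mode):
    """The discretionary part: only the object's owner may change its policy."""
    if caller_uid != obj.owner_uid:
        raise PermissionError("only the owner may change the mode")
    obj.mode = new_mode & 0o777

def render(obj):
    """Show the mode the way `ls -l` does for a regular file."""
    return stat.filemode(stat.S_IFREG | obj.mode)

if __name__ == "__main__":
    # Constructed sample: uid 1000 owns the file, its group is gid 50.
    report = FileObject(owner_uid=1000, group_gid=50, mode=0o640)
    print(render(report), dac_allows(report, 1001, {50}, "r"))  # group member
    print(render(report), dac_allows(report, 1002, {60}, "r"))  # others
    owner_chmod(report, 1000, 0o644)                             # owner grants read
    print(render(report), dac_allows(report, 1002, {60}, "r"))
```

Any process running with the owner's uid passes the `owner_chmod` check, which is why a Trojan horse executed by the owner can loosen the policy on the owner's behalf.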

DAC attributes include:

  • A user may transfer object ownership to one or more other users.
  • A user may determine the access type of other users.
  • After several attempts, authorization failures restrict user access.
  • Unauthorized users are blind to object characteristics, such as file size, file name and directory path.
  • Object access is determined during access control list (ACL) authorization and based on user identification and/or group membership.

DAC is easy to implement and intuitive but has certain disadvantages, including:

  • Inherent vulnerabilities (Trojan horse)
  • ACL maintenance or capability
  • Grant and revoke permissions maintenance
  • Limited negative authorization power

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…