Discretionary access control

Posted on June 7th, 2010 by admin


Share |

Discretionary access control (DAC) is an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.

Two important concepts in DAC are

  • File and data ownership: Every object in the system has an owner. In most DAC systems, each object’s initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.
  • Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

Access controls may be discretionary in ACL-Based (Access Control List) or Capability-Based access control systems. (In capability-based systems, there is usually no explicit concept of ‘owner’, but the creator of an object has a similar degree of control over its access policy.)



2 Responses to “Discretionary access control”

  1. Bruno Liehr Says:

    I found this information usefull.

  2. Sunday Bohol Says:

    I found this information usefull.

Leave a Reply