What is Discretionary access control DAC?

Understanding Discretionary access control DAC

The system owner decides who gets access. DAC is an access control model where the owner of a resource determines who can access it and what privileges they have. This model provides flexibility but relies heavily on the judgment of resource owners, potentially leading to inconsistent security. DAC is described in standards like NIST SP 800-53 and is common in many operating systems. Organizations implement DAC through file permissions, access control lists, and user-managed sharing features, typically in combination with more centralized controls. For example, in a corporate environment, individual department managers might have discretion to grant specific users access to departmental file shares, while still operating within broader company security policies. Related terms: Access control, Mandatory access control, Role-based access control, File permissions, Access control list, Object owner, Subject.