In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria[1] (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
Discretionary access control is commonly discussed in contrast to mandatory access control (MAC). Occasionally, a system as a whole is said to have "discretionary" or "purely discretionary" access control when that system lacks mandatory access control. On the other hand, systems can implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraints upon the first.
^Trusted Computer System Evaluation Criteria. United States Department of Defense. December 1985. DoD Standard 5200.28-STD. Archived from the original on 2006-05-27.
and 22 Related for: Discretionary access control information
In computer security, discretionaryaccesscontrol (DAC) is a type of accesscontrol defined by the Trusted Computer System Evaluation Criteria (TCSEC)...
implemented differently in systems based on discretionaryaccesscontrol (DAC) and mandatory accesscontrol (MAC). Identification and authentication (I&A)...
and information security, accesscontrol (AC) is the selective restriction of access to a place or other resource, while access management describes the...
policy and, for example, grant access to files that would otherwise be restricted. By contrast, discretionaryaccesscontrol (DAC), which also governs the...
context of distribution of discretionaryaccesscontrol (DAC) permissions, for example asserting that giving user U read/write access to file F violates least...
AppArmor supplements the traditional Unix discretionaryaccesscontrol (DAC) model by providing mandatory accesscontrol (MAC). It has been partially included...
or a checksum, cryptographic hash or digital certificate, and discretionaryaccesscontrol information. In Unix-like systems, extended attributes are usually...
access control (MAC) over discretionaryaccesscontrol (DAC). Access clearance is first given to a subject (e.g. process) accessing objects (e.g. files, records...
descriptors contain discretionaryaccesscontrol lists (DACLs) that contain accesscontrol entries (ACEs) that grant and deny access to trustees such as...
to accesscontrol, or it may be derived from a combination of the three approaches. The non-discretionary approach consolidates all accesscontrol under...
formal access approval Accesscontrol Multifactor authentication Bell–LaPadula model Biba model Clark-Wilson model Discretionaryaccesscontrol (DAC) Graham-Denning...
store and preserve the integrity of accesscontrol labels and retain the labels if the object is exported. Discretionary Security Policy – Enforces a consistent...
used. — Richard Feynman, Surely You're Joking, Mr. Feynman! The discretionaryaccesscontrol mechanisms of some operating systems can be used to enforce need...
called following the call of the filter table, allowing any DiscretionaryAccessControl (DAC) rules in the filter table to take effect before any MAC...
from air Direct Attach Copper, a 10 Gigabit Ethernet connector Discretionaryaccesscontrol, in computer security Double-acting Cylinder, a type of pneumatic...