Discretionary Access Control
Alternative Forms
DAC
Acronym
Definitions
Definition 1
Discretionary Access Control (DAC) is an access control model whose foundation is the concept of resource ownership. In DAC, the resource owner, often defaulted to the resource creator, has the legitimacy and the (possibly exclusive ) or delegable capacity to grant and revoke access to the resource, often via access control lists, and possibly to destroy the resource. He may or may no have the capability to delegate his powers. His powers may comprise the capability to transfer ownership over the resource or destroy the resource.
DAC is pervasive in IT systems. When DAC is not accompanied with complementary access control models, it naturally leads to scalability issues as the number of resources and entities grow. Also, if there is no process in place that assure the continuous ownership of resources, DAC produces orphaned resources.
There are multiple variations of DAC, such as Liberal DAC and Strict DAC.
As a model, DAC generally overlooks high highly privileged administrators.
Related Terms
Liberal DAC
Resource Creator
Resource Owner
Resource Ownership
Quotes
Recall that the central theme of DAC is that of resource ownership. The owner of an object has the authority over who else can access that object. Information flow in DAC is therefore driven by owner-based administration of access rights. Overlooking the role of a super administrative user, generally all variations of the DAC policies share the following characteristics:
• The creator of an object, such as a file in a file system, automatically becomes the owner of that object.
• An object can be destroyed only by its owner.
• While an object is automatically owned by its creator, ownership may optionally be shared with other subjects as well.
(Benantar, 2006, p. 217)
Bibliography
See Also
| Filter by label (Content by label) | ||||||
|---|---|---|---|---|---|---|
|