Discretionary Access Control
Alternative Forms
DAC
Acronym
Definitions
Definition 1
Discretionary Access Control (DAC) is an access control model whose foundation is the concept of resource ownership. In DAC, the resource owner, often defaulted to the resource creator, has the legitimacy and the exclusive or delegable capacity to grant and revoke access to the resource, often via access control lists. His powers may comprise the capability to transfer ownership over the resource or destroy the resource.
DAC is pervasive in IT systems. When DAC is not accompanied with complementary access control models, it naturally leads to scalability issues as the number of resources and entities grow. Also, if there is no process in place that assure the continuous ownership of resources, DAC produces orphaned resources.
There are multiple variations of DAC, such as Liberal DAC and Strict DAC.
As a model, DAC generally overlooks highly privileged administrators.
DAC is often compared with the alternative Mandatory Access Control (MAC) model.
Related Terms
Liberal DAC
Hyponym
Mandatory Access Control (MAC)
Co-hyponym
Resource Creator
Resource Owner
Resource Ownership
Strict DAC
Hyponym
Quotes
Recall that the central theme of DAC is that of resource ownership. The owner of an object has the authority over who else can access that object. Information flow in DAC is therefore driven by owner-based administration of access rights. Overlooking the role of a super administrative user, generally all variations of the DAC policies share the following characteristics:
• The creator of an object, such as a file in a file system, automatically becomes the owner of that object.
• An object can be destroyed only by its owner.
• While an object is automatically owned by its creator, ownership may optionally be shared with other subjects as well.
(Benantar, 2006, p. 217)
Bibliography
See Also
Filter by label (Content by label) | ||||||
---|---|---|---|---|---|---|
|