
Discretionary Access Control (Dictionary Entry)


Discretionary Access Control

Alternative Forms

Definitions

Definition 1

Discretionary Access Control (DAC) is an access control model whose foundation is the concept of resource ownership. In DAC, the resource owner, who by default is often the resource creator, has the legitimacy and the exclusive or delegable capacity to grant and revoke access to the resource, often via access control lists. The owner's powers may also include the capability to transfer ownership of the resource or to destroy the resource.

DAC is pervasive in IT systems. When DAC is not accompanied by complementary access control models, it naturally leads to scalability issues as the number of resources and entities grows. Also, if there is no process in place that ensures the continuous ownership of resources, DAC produces orphaned resources.

There are multiple variations of DAC, such as Liberal DAC and Strict DAC.

As a model, DAC generally overlooks highly privileged administrators.

DAC is often compared with the alternative Mandatory Access Control (MAC) model.
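
The ownership rules in this definition, as an added Python example that is not part of the original entry: a toy in-memory model in which the creator becomes the owner, the owner can grant, revoke, delegate, transfer and destroy, and resources whose owner no longer exists are reported as orphaned. The class and method names, and the choice that the owner implicitly holds every right, are assumptions made for illustration.

```python
# Added illustration: a toy DAC reference monitor. All names are hypothetical.
class DacError(PermissionError): pass

class Resource:
    def __init__(self, creator):
        self.owner = creator      # the creator becomes the owner by default
        self.acl = {}             # subject -> set of rights granted
        self.delegates = set()    # subjects allowed to grant/revoke for the owner

class DacStore:
    def __init__(self, subjects):
        self.subjects = set(subjects)   # identities that still exist
        self.resources = {}

    def create(self, creator, name):
        self.resources[name] = Resource(creator)

    def _authorize(self, actor, name, owner_only=False):
        res = self.resources[name]
        if actor != res.owner and (owner_only or actor not in res.delegates):
            raise DacError(f"{actor} may not administer {name}")
        return res

    def grant(self, actor, name, subject, right):
        self._authorize(actor, name).acl.setdefault(subject, set()).add(right)

    def revoke(self, actor, name, subject, right):
        self._authorize(actor, name).acl.get(subject, set()).discard(right)

    def delegate(self, actor, name, subject):      # owner only
        self._authorize(actor, name, owner_only=True).delegates.add(subject)

    def transfer(self, actor, name, new_owner):    # owner only
        self._authorize(actor, name, owner_only=True).owner = new_owner

    def destroy(self, actor, name):                # owner only
        self._authorize(actor, name, owner_only=True)
        del self.resources[name]

    def can(self, subject, name, right):
        res = self.resources[name]
        return subject == res.owner or right in res.acl.get(subject, set())

    def offboard(self, subject):
        self.subjects.discard(subject)   # no ownership hand-over happens here

    def orphaned(self):
        return sorted(n for n, r in self.resources.items()
                      if r.owner not in self.subjects)
```

Running `orphaned()` after each `offboard()` call is the kind of continuous-ownership check whose absence the definition associates with orphaned resources.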

Related Terms

  • Liberal DAC (Hyponym)

  • Mandatory Access Control (MAC) (Co-hyponym)

  • Resource Creator

  • Resource Owner

  • Resource Ownership

  • Strict DAC (Hyponym)

Quotes

Recall that the central theme of DAC is that of resource ownership. The owner of an object has the authority over who else can access that object. Information flow in DAC is therefore driven by owner-based administration of access rights. Overlooking the role of a super administrative user, generally all variations of the DAC policies share the following characteristics:

• The creator of an object, such as a file in a file system, automatically becomes the owner of that object.

• An object can be destroyed only by its owner.

• While an object is automatically owned by its creator, ownership may optionally be shared with other subjects as well.

(Benantar, 2006, p. 217)

Bibliography

See Also
