Liberal Discretionary Access Control (Dictionary Entry)
Liberal Discretionary Access Control
Definitions
Definition 1
Related Terms
Discretionary Access Control (DAC)
Hypernym
Strict DAC (Dictionary Entry)
Co-hyponym
Quotes
Liberal DAC Allows the owner of an object to further delegate the authority of granting/revoking access to the object by other subjects. The OSM construction specifically treats the following variations of the liberal DAC:
One-level grant: Delegation of the grant/revoke authority is limited to one level only. The owner may delegate grant/revoke authority to other users but they cannot further delegate this power.
Two-level grant: The chain of delegating the grant/revoke authority is limited to a maximum of two levels. Besides the owner delegating his or her authority to another user, the latter can further delegate that authority to other users. For instance, Elyes can delegate the grant/revoke authority over his files to Aicha. In turn, Aicha can delegate the same authority to Alice. But Alice has no control over further delegating this authority to other users.
Multilevel grant: The power to delegate the grant/revoke authority can be propagated down to multiple levels. Elyes can authorize Aicha, who can authorize Alice, who can further authorize Fatima, and so forth.
(Benantar, 2006, p. 218)
Bibliography
See Also
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.