concept

Discretionary Access Control

Discretionary Access Control (DAC) is a security model where access to resources is determined by the resource owner or user, typically through permissions like read, write, and execute. It allows owners to grant or restrict access to files, directories, or other objects based on user identities or group memberships. This model is commonly implemented in operating systems like Unix/Linux and Windows to manage file and folder security.

Also known as: DAC, Discretionary Access Control Model, User-Based Access Control, Owner-Controlled Access, Permissive Access Control
🧊Why learn Discretionary Access Control?

Developers should learn DAC when building or securing applications that require fine-grained user-level access control, such as file-sharing systems, multi-user platforms, or enterprise software. It is essential for implementing security policies where resource owners need flexibility to manage permissions, but it may not be suitable for highly regulated environments where mandatory access control is required for stricter enforcement.

Compare Discretionary Access Control

Discretionary Access Control vs Mandatory Access ControlDiscretionary Access Control vs Role Based Access ControlDiscretionary Access Control vs Attribute Based Access Control

Learning Resources

📄
NIST Guide to DAC
docs
📝
Linux DAC Tutorial by Red Hat
tutorial
🎓
Access Control Models on Coursera
course
🎬
DAC vs MAC Explained on YouTube
video
📚
Computer Security: Principles and Practice by Stallings
book

Related Tools

Mandatory Access ControlRole Based Access ControlAccess Control ListsFile PermissionsSecurity Policies

Alternatives to Discretionary Access Control

Mandatory Access ControlRole Based Access ControlAttribute Based Access Control