Discretionary Access Control
Discretionary Access Control: (DAC) An access control policy that is enforced over all subjects and objects in an information system where the policy…
Definition
(DAC) An access control policy that is enforced over all subjects and objects in an information system where the policy specifies that a subject that has been granted access to information can do one or more of the following: (i) pass the information to other subjects or objects; (ii) grant its privileges to other subjects; (iii) change security attributes on subjects, objects, information systems, or system components; (iv) choose the security attributes to be associated with newly-created or revised objects; o r (v) change the rules governing access control. Mandatory access controls restrict this capability.
Alternative Definitions
- Definition 2
The basis of this kind of security is that an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user’s control. (FIPS 191) (NISTIR)