In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".
Discretionary access control is commonly discussed in contrast to mandatory access control (MAC, sometimes termed non-discretionary access control). Occasionally a system as a whole is said to have "discretionary" or "purely discretionary" access control as a way of saying that the system lacks mandatory access control. On the other hand, systems can be said to implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraints upon the first.
Read more about Discretionary Access Control: Implementations
Famous quotes containing the words access and/or control:
“In the greatest confusion there is still an open channel to the soul. It may be difficult to find because by midlife it is overgrown, and some of the wildest thickets that surround it grow out of what we describe as our education. But the channel is always there, and it is our business to keep it open, to have access to the deepest part of ourselves.”
—Saul Bellow (b. 1915)
“The child knows only that he engages in play because it is enjoyable. He isn’t aware of his need to play—a need which has its source in the pressure of unsolved problems. Nor does he know that his pleasure in playing comes from a deep sense of well-being that is the direct result of feeling in control of things, in contrast to the rest of his life, which is managed by his parents or other adults.”
—Bruno Bettelheim (20th century)