Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Discretionary Access Control (DAC)

Training Camp • Cybersecurity Glossary

What is Discretionary Access Control (DAC)?

An access control model in which the owner of a resource decides who gets access and what privileges they have, commonly enforced via permissions and access control lists.

Glossary > Identity & Access Management > Discretionary Access Control (DAC)

Understanding Discretionary Access Control (DAC)

The system owner decides who gets access. DAC is an access control model where the owner of a resource determines who can access it and what privileges they have. This model provides flexibility but relies heavily on the judgment of resource owners, potentially leading to inconsistent security. DAC is described in standards like NIST SP 800-53 and is common in many operating systems. Organizations implement DAC through file permissions, access control lists, and user-managed sharing features, typically in combination with more centralized controls. For example, in a corporate environment, individual department managers might have discretion to grant specific users access to departmental file shares, while still operating within broader company security policies. Related terms: Access control, Mandatory access control, Role-based access control, File permissions, Access control list, Object owner, Subject.

Learn More About Discretionary Access Control (DAC):

Ready to Get Certified?

Discretionary Access Control (DAC) is one of the topics you'll master in the Security+ Boot Camp.

Security+ Boot Camp →