Discretionary access control

Discretionary access control (DAC) is a means of restricting access to objects based on the identity of subjects or groups to which they belong or on the possession of an authorization granting access to those objects. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.

This page uses content from the Information Security Guide 2 - Glossary, which is made available under the Creative Commons Attribution License 3.0 Unported.