DAC Definition

DAC

DAC (Discretionary Access Control) – a security model in which access to computer systems or network resources is restricted based on the identity of users, checked against access policies. Whereas in Mandatory Access Control access decisions are made based on system policies, DAC allows the owner of a resource to make those decisions independently. Under DAC, owners are responsible for altering their Access Control Lists to grant or deny access rights as requirements dictate, on a need-to-do basis.

While DAC offers flexibility and granularity of access control, it also incurs security risks, because access decisions depend on the fallible personal judgment of resource owners and can therefore result in unauthorized access to sensitive data or system resources. Despite these drawbacks, DAC is widely used in many contemporary computing environments, such as database management systems, operating systems, and network systems.
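The owner-made access decisions and the resulting risk described above can be seen with POSIX file mode bits, one common DAC mechanism. This is an added example, not part of the original page; the file names and modes are constructed, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


def owner_sets_mode(path, mode):
    """DAC in action: the file's owner decides who may access it."""
    os.chmod(path, mode)


def audit_other_access(root):
    """Return {relative_path: [findings]} for regular files whose owner
    granted read or write access to every user ('other' mode bits)."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlink mode bits carry no access meaning
            mode = stat.S_IMODE(st.st_mode)
            issues = []
            if mode & stat.S_IROTH:
                issues.append("world-readable")
            if mode & stat.S_IWOTH:
                issues.append("world-writable")
            if issues:
                findings[os.path.relpath(full, root)] = issues
    return findings


def demo():
    """Create constructed sample files, apply owner-chosen modes, audit them."""
    samples = {"payroll.csv": 0o600, "notes.txt": 0o644, "shared.db": 0o666}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample data\n")
            owner_sets_mode(path, mode)  # no system policy vetoes this choice
        return audit_other_access(root)


if __name__ == "__main__":
    for path, issues in sorted(demo().items()):
        print(f"{path}: {', '.join(issues)}")
```

Under a mandatory policy, the owner's `chmod` alone would not be enough to open `shared.db` to every user; under DAC, a periodic audit like this is how such owner decisions get caught.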