Definitions
Discretionary access control (DAC) is
“[a] method of restricting logical access to information system objects (e.g., files, directories, devices, permissions, rules) based on the identity and need-to-know of users, groups, or processes.”[1]
“[a] means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).”[2]
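The "passing that permission (perhaps indirectly)" clause of the second definition can be seen in a small model. The following Python sketch is an added example, not taken from either cited source; the class `DacStore`, the subjects, the object names and the clearance-level form of mandatory access control are all assumptions made for illustration.

```python
class AccessDenied(Exception):
    """Raised when the ACL or the mandatory policy refuses a request."""

class DacStore:
    def __init__(self, clearance=None):
        self.data, self.acl, self.label = {}, {}, {}
        self.clearance = clearance  # subject -> level; None means DAC only

    def create(self, subject, obj, contents, level=0):
        self.data[obj], self.label[obj] = contents, level
        self.acl[obj] = {subject: {"read", "grant"}}  # creator owns the object

    def grant(self, grantor, obj, grantee, rights):
        held = self.acl.get(obj, {}).get(grantor, set())
        if "grant" not in held or not set(rights) <= held:
            raise AccessDenied(f"{grantor} may not grant {sorted(rights)} on {obj}")
        self.acl[obj].setdefault(grantee, set()).update(rights)

    def read(self, subject, obj):
        if "read" not in self.acl.get(obj, {}).get(subject, set()):
            raise AccessDenied(f"ACL: {subject} may not read {obj}")
        # Mandatory rule (assumed model): clearance must dominate the label.
        if self.clearance is not None and self.clearance.get(subject, 0) < self.label[obj]:
            raise AccessDenied(f"MAC: {subject} is not cleared for {obj}")
        return self.data[obj]

    def copy(self, subject, src, dst):
        # The copy is a new object owned by the copier; it keeps the source label.
        self.create(subject, dst, self.read(subject, src), self.label[src])

def scenario(clearance=None):
    """Return (bob_regrant_ok, carol_reads_copy) for one constructed run."""
    store = DacStore(clearance)
    store.create("alice", "report", "Q3 figures", level=2)
    store.grant("alice", "report", "bob", {"read"})  # read only, no grant right
    try:
        store.grant("bob", "report", "carol", {"read"})
        regrant_ok = True
    except AccessDenied:
        regrant_ok = False
    store.copy("bob", "report", "report-copy")  # indirect route
    store.grant("bob", "report-copy", "carol", {"read"})
    try:
        return regrant_ok, store.read("carol", "report-copy") == "Q3 figures"
    except AccessDenied:
        return regrant_ok, False

if __name__ == "__main__":
    print("DAC only:", scenario())
    print("with MAC:", scenario({"alice": 2, "bob": 2, "carol": 0}))
```

Under DAC alone the owner's read-only grant does not stop the content reaching a third subject through a copy; with the assumed mandatory label check in place, the same sequence of grants leaves that subject unable to read it.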
References
- [1] Tax Information Security Guidelines For Federal, State and Local Agencies, at 152.
- [2] DCID 6/3, Glossary, App. B.