Discretionary access control (DAC) is

“[a] method of restricting logical access to information system objects (e.g., files, directories, devices, permissions, rules) based on the identity and need-to-know of users, groups, or processes.”

“[a] means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).”

- Tax Information Security Guidelines For Federal, State and Local Agencies, at 152.
- DCID 6/3, Glossary, App. B.