Discretionary Access Control (DAC)


What is Discretionary Access Control (DAC)?

Discretionary Access Control, or DAC, is an access control model in which the owner of a resource decides which users or groups are allowed to access it and what they are allowed to do with it.

Examples

  • A user creates a file on a shared system and chooses which coworkers can read or edit it.
  • A manager owns a folder containing project documents and grants one team read access while allowing only a few people to make changes.

Discover 🔎

Not every security decision is made by a central authority. In many systems, the person who creates or owns a file, folder, or resource is given the power to decide who else can use it. That is the idea behind Discretionary Access Control.

DAC matters because it reflects a very common way people work. Users create information, own it, and then share it with others when collaboration is needed. This makes the model flexible and convenient, especially in general-purpose computing environments. At the same time, that same flexibility can create risk if users make poor access decisions or share data more broadly than they should.

Remember: In DAC, access decisions are largely in the hands of the resource owner rather than controlled entirely by a central classification system.
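The over-sharing risk described above, as an added example that is not part of the original lesson. It assumes a POSIX system, where file mode bits are one common DAC mechanism (the lesson names no platform). The file names and modes are constructed samples: the owner picks a mode for each file, and the audit then reports files the owner has opened to every user.

```python
import os
import stat
import tempfile

# Rights the owner can grant to "other": every user who is neither
# the file's owner nor a member of its group.
OTHER_BITS = {"read": stat.S_IROTH, "write": stat.S_IWOTH, "execute": stat.S_IXOTH}


def audit_broad_grants(root):
    """Return {relative_path: [rights granted to 'other']} for regular files under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            rights = [r for r, bit in OTHER_BITS.items() if st.st_mode & bit]
            if rights:
                findings[os.path.relpath(path, root)] = rights
    return findings


def build_sample_tree(root):
    """Constructed sample: each chmod is one discretionary decision by the owner."""
    samples = {
        "private_notes.txt": 0o600,  # owner only
        "team_plan.txt": 0o640,      # owner read/write, group read
        "public_readme.txt": 0o644,  # everyone may read
        "shared_draft.txt": 0o666,   # everyone may read and write
    }
    for name, mode in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample data\n")
        os.chmod(path, mode)  # no central authority approves this change
    return samples


def demo():
    """Build the sample tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_broad_grants(root)


if __name__ == "__main__":
    for path, rights in sorted(demo().items()):
        print(f"{path}: other can {', '.join(rights)}")
```

Files limited to the owner or the owner's group are not reported; only grants that reach all users are flagged for review.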

Summary 📝

Discretionary Access Control is an access model that lets the owner of a resource decide who else may use it. Its main strength is flexibility, which makes sharing and collaboration easier in many computing environments. Its main weakness is that security can become inconsistent if owners grant access too broadly or without enough care.
