Discretionary Access Control (DAC)

Security+ 🏆 • Authentication & Authorization 🔐 • Difficulty: premium

Definition

Discretionary Access Control is an access control model where the owner of a resource decides who can access it and what they can do. It is commonly implemented using permissions and access control lists on files, folders, and shared resources.

Examples

On Linux, a file owner uses chmod and chown to control who can read or modify a file.
On Windows, an NTFS folder uses a DACL to grant a group read access and give a manager modify rights.

Discover 🔎

Access control is about deciding who can do what with a resource. Discretionary Access Control is one of the most common models because it matches how people naturally think: if you own something, you can decide who else can use it. You see DAC everywhere in operating systems and collaboration tools where permissions are set by file owners, folder owners, or administrators acting on their behalf.

Remember: DAC means the resource owner has discretion over access. Ownership drives permission decisions.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.