DAC - Discretionary Access Control

DAC - Discretionary Access Control It is also known as Identity Based Access Control(IBAC). Individual user sets access control mechanism to allow or deny access to an object. Access control is left to the discretion of the owner.

It is also known as Identity Based Access Control(IBAC). Individual user sets access control mechanism to allow or deny access to an object. Access control is left to the discretion of the owner. 

Discretionary access controls base access rights on the identity of the subject and the identity of the object involved. Identity is the key; the owner of the object constrains who can access it by allowing only particular subjects to have access. 

The owner states the constraint in terms of the identity of the subject, or the owner of the subject. The owner can pass rights onto other subjects (discretion). 

Also their programs can pass their rights and the owner has  power to determine who can access.


EXAMPLE: Suppose a child keeps a diary. The child controls access to the diary, because she can allow someone to read it (grant read access) or not allow someone to read it (deny read access). The child allows her mother to read it, but no one else. This is a discretionary access control because access to the diary is based on the identity of the subject (mom) requesting read access to the object (the diary).

You May Also Like...

Socialize with Us