What is Originator Controlled Access Control (ORCON)?

Originator controlled access control (ORCON or ORGCON) bases access on the creator of an object (or of the information it contains). The information is controlled by its originator or creator, not by its owner, although the creator may sometimes be the owner too. The goal of this control is to allow the originator of the file (or of the information it contains) to control the dissemination of the information. ORCON combines MAC and DAC, and its basic rules are:
  • The owner of an object cannot change the access controls of the object. 
  • When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy. 
  • The creator (originator) can alter the access control restrictions on a per-subject and per-object basis.
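
The three rules above can be modelled as a small reference monitor. This is an added example, not code from the original page; the names OrconObject, set_access, copy_object and check are hypothetical, and it assumes the originator always retains access to its own information.

```python
from dataclasses import dataclass, field

class AccessDenied(Exception):
    """Raised when the reference monitor refuses an operation."""

@dataclass
class OrconObject:
    data: str
    originator: str   # creator of the information; controls dissemination
    owner: str        # holder of this copy; may differ from the originator
    acl: dict = field(default_factory=dict)   # subject -> set of rights

def check(obj, subject, right):
    # Assumption of this sketch: the originator always has access.
    return subject == obj.originator or right in obj.acl.get(subject, set())

def set_access(obj, actor, subject, rights):
    """Rules 1 and 3: only the originator changes access, per subject and per object."""
    if actor != obj.originator:
        raise AccessDenied(f"{actor} is not the originator")
    obj.acl[subject] = set(rights)

def copy_object(obj, actor):
    """Rule 2: the copy is bound to the source's originator and restrictions."""
    if not check(obj, actor, "read"):
        raise AccessDenied(f"{actor} may not read the source")
    return OrconObject(obj.data, obj.originator, owner=actor,
                       acl={s: set(r) for s, r in obj.acl.items()})

def demo():
    # Constructed scenario: alice originates a memo and lets bob read it.
    memo = OrconObject("quarterly plan", originator="alice", owner="alice")
    set_access(memo, "alice", "bob", {"read"})
    bobs_copy = copy_object(memo, "bob")      # bob owns the copy, alice still originates it
    try:
        set_access(bobs_copy, "bob", "carol", {"read"})   # owner tries to re-share
        owner_could_share = True
    except AccessDenied:
        owner_could_share = False
    carol_before = check(bobs_copy, "carol", "read")
    set_access(bobs_copy, "alice", "carol", {"read"})     # originator grants on this copy only
    return {
        "owner_could_share": owner_could_share,
        "carol_before": carol_before,
        "carol_on_copy": check(bobs_copy, "carol", "read"),
        "carol_on_original": check(memo, "carol", "read"),
    }

if __name__ == "__main__":
    print(demo())
```

The copy keeps alice as originator even though bob owns it, which is what separates ORCON from plain DAC, where the owner of the copy could re-share it freely.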