Discretionary Access Control (DAC) is the model where control over an object is at the discretion of its owner. The creator of an object is typically its initial owner and has the authority to define access permissions for other subjects (users or groups). This includes the ability to grant, revoke, and delegate permissions, such as read, write, or execute rights. This model is identity-based, where access control lists (ACLs) specify which users are allowed to access the object. The owner's ability to delegate permissions is a fundamental characteristic of DAC.

A. RBAC: Access is determined by a user's assigned role(s), which are centrally managed by an administrator, not by the object's creator.

B. MAC: A central authority enforces access based on system-wide security labels and clearances; individual creators cannot alter these mandatory rules.

D. ABAC: Access is granted based on policies combining subject, object, and environmental attributes, which are typically defined by an administrator, not the object's owner.

1. National Institute of Standards and Technology (NIST). (2017). Special Publication 800-192: Verification and Test Methods for Access Control Policies/Models. Section 2.2

"Discretionary Access Control (DAC)

" Page 4. "In a system with DAC

the owner of an object can decide which other subjects are allowed to access the object and what operations they are allowed to perform."

2. Hu

V. C.

Ferraiolo

D.

Kuhn

R.

Schnitzer

A.

Sandlin

K.

Miller

R.

& Scarfone

K. (2013). NIST Special Publication 800-162: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. Section 2.3.1

"Discretionary Access Control

" Page 6. "DAC is a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject."

3. Myers

A. C.

& Schneider

F. B. (2014). CS 5430: System Security

Lecture 5: Access Control. Cornell University. Page 4. "Discretionary Access Control (DAC): Owner of an object specifies which subjects can access the object."