A discretionary access control (DAC) model allows the owners of objects (resources)
to control who accesses them and what operations can be performed
on the objects. For example, if Dan creates a share on his system containing documents and WAV files, he can control and dictate who can access this share and
the items within it. This is typically done through access control lists (ACLs),
where permission is granted on a need-to-know basis.
DAC systems are used in environments that do not require the structure and
higher level of protection that mandatory access control (MAC) models provide
and enforce. Operating systems must be built differently depending upon
whether they are going to provide DAC or MAC functionality. For example,
Windows-based platforms provide a DAC access structure instead of MAC. Specially
developed operating systems, usually created for government agencies and
the military, provide a MAC access structure and the controls and mechanisms
necessary to enforce this level of control.
Some characteristics of DAC systems are the following:
• Access is based entirely on the identity of the user or the role that
the user plays within the company.
• Data owners determine who can access their resources.
• No security labels are used.
• Usually implemented through access control lists (ACLs).
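
The characteristics above can be seen in a small model of Dan's share. This is an added example, not code from the original post; the users alice, bob and carol, the role audio-team, the share name, and the rule that the owner always has access are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Share:
    """An object protected by DAC: only its owner edits the ACL."""
    name: str
    owner: str
    # ACL maps a subject ("user:alice" or "role:audio-team") to allowed operations.
    acl: dict = field(default_factory=dict)

    def grant(self, actor, subject, ops):
        # The discretionary part: the data owner decides who gets access.
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own {self.name}")
        self.acl.setdefault(subject, set()).update(ops)

    def revoke(self, actor, subject, ops):
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own {self.name}")
        self.acl.get(subject, set()).difference_update(ops)

    def allowed(self, user, roles, op):
        # The decision uses identity and role only; no security labels exist.
        if user == self.owner:  # assumption: the owner always has access
            return True
        subjects = [f"user:{user}"] + [f"role:{r}" for r in roles]
        return any(op in self.acl.get(s, ()) for s in subjects)


def demo():
    """Walk through Dan's share with constructed users and roles."""
    share = Share("dan-share", owner="dan")
    share.grant("dan", "user:alice", {"read"})
    share.grant("dan", "role:audio-team", {"read", "write"})
    results = {
        "alice_read": share.allowed("alice", [], "read"),
        "alice_write": share.allowed("alice", [], "write"),
        "bob_role_write": share.allowed("bob", ["audio-team"], "write"),
        "carol_read": share.allowed("carol", [], "read"),
    }
    try:
        # A non-owner cannot extend access to someone else.
        share.grant("alice", "user:carol", {"read"})
        results["alice_can_grant"] = True
    except PermissionError:
        results["alice_can_grant"] = False
    share.revoke("dan", "user:alice", {"read"})
    results["alice_read_after_revoke"] = share.allowed("alice", [], "read")
    return results
```
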