Your IP Your Status

Discretionary Access Control

Understanding Discretionary Access Control

Discretionary Access Control (DAC) is a type of access control system that grants or restricts access to objects based on the identity of users and/or the groups to which they belong. The "discretionary" aspect of DAC comes from the fact that the user with certain access permissions is able to pass those permissions to other users. This model is widely used in computer security systems, where access rights are assigned by the owner of the information.

The Roots of Discretionary Access Control

The concept of DAC dates back to the early days of computer systems. It was developed as a response to the need for flexible and user-centric security measures in multi-user computer systems. The main idea was to give users control over their own data, allowing them to decide who could access it. Over time, DAC has evolved with technological advancements, maintaining its relevance in modern computer security.

Practical Applications of Discretionary Access Control

In practical terms, DAC is used in various scenarios, from corporate settings to personal devices. For instance, in an office environment, a manager might have access to all files and documents within their department and can grant access to these files to their team members as needed. Similarly, on a personal computer, the primary user can set permissions for other users, determining what files and applications they can access.

Benefits of Discretionary Access Control

DAC offers several advantages. Firstly, it provides flexibility, allowing users to easily grant or revoke access. This makes it ideal for environments where access needs change frequently. Secondly, it empowers users to control their own security, fostering a sense of ownership and responsibility. Lastly, DAC systems are usually less complex and easier to manage compared to other access control models, making them a popular choice for many organizations.


DAC differs mainly in its flexibility and user-centric approach. Unlike models like Mandatory Access Control, where access is governed by a central authority, DAC allows individual users to control access to their own resources.

DAC is suitable for many, but not all, organizations. It works best where flexibility and user control are important. However, in highly sensitive environments, a more restrictive model might be necessary.

Absolutely. DAC often works best when combined with other security measures like encryption, firewalls, and intrusion detection systems to provide a more comprehensive security framework.


Time to Step up Your Digital Protection

The 2-Year Plan Is Now
Available for only /mo

undefined 45-Day Money-Back Guarantee