Discretionary access control

From Wikipedia, the free encyclopedia

In computer security, discretionary access control (DAC) is a kind of access control, defined by the TCSEC ^[1] as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by Mandatory Access Control)."

However, the meaning of the term in practice is not as clear-cut as the definition given in the TCSEC standard.

For example, the term is commonly used in contexts that assume that, under DAC, every object has an owner that controls the permissions to access the object, probably because many systems do implement DAC using the concept of an owner. But the TCSEC definition does not say anything about owners, so technically an access control system doesn't have to have a concept of owner to meet the TCSEC definition of DAC.

As another example, capabilities are sometimes described as discretionary controls because they permit subjects to transfer their access to other subjects, even though capability-based security is fundamentally not about restricting access "based on the identity of subjects". (Capability systems do not, in general, allow permissions to be passed "to any other subject"; the subject wanting to pass its permissions must first have access to the receiving subject, and subjects do not generally have access to all subjects in the system.)

Discretionary access control is commonly defined in opposition to mandatory access control (which is even sometimes termed non-discretionary access control). Occasionally a system as a whole is said to have "discretionary" or "purely discretionary" access control as a way of saying that the system lacks mandatory access control. On the other hand, systems can be said to implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other and MAC refers to a second category of access controls that imposes constraints upon the first.