Identity & Access
Discretionary Access Control (DAC)
Also known as: DAC, Owner-controlled access
Definition
An access-control model in which the owner of a resource decides who can access it and what operations they can perform.
Examples
- A Linux file owner running chmod 644 file.txt to grant read access to every other user on the system.
- A Windows file owner adding a colleague to the file's ACL with modify rights.
Related terms
Mandatory Access Control (MAC)
An access-control model in which a central policy — not the resource owner — enforces access decisions based on classifications and clearances assigned to subjects and objects.
Role-Based Access Control (RBAC)
An authorization model that grants permissions to roles rather than directly to users, so users inherit access by virtue of their role assignments.
Attribute-Based Access Control (ABAC)
An authorization model that evaluates policies over attributes of the subject, resource, action, and environment to decide whether to allow an access request.
Principle of Least Privilege
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.
Authorization
The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.
Broken Access Control
A class of vulnerabilities where authorization rules are missing or incorrectly enforced, letting users perform actions or reach data outside their privileges.