Discretionary Access Control

Discretionary Access Control (DAC)

Introduction

Discretionary Access Control (DAC) is an access control model in which the owner of a resource (object) has the authority to decide who can access it and what permissions they have.

👉 “Access is controlled at the discretion of the owner.”

DAC is one of the oldest and most widely used access control models, commonly implemented in operating systems like Windows and Linux.


Meaning

In DAC:

  • Every object has an owner
  • The owner can grant or revoke access rights
  • Access decisions are based on user identity and ownership

📌 Control is flexible and user-driven.


Key Features of DAC

  • Ownership-based access control
  • Flexible permission assignment
  • Uses Access Control Lists (ACLs)
  • Supports sharing of resources
  • Identity-based access

Working of DAC

Step-by-Step Process

  1. A user creates a file → becomes the owner
  2. Owner assigns permissions to other users
  3. System checks permissions before granting access
  4. Access is allowed/denied based on owner-defined rules

Owner → Assign Permissions → System Checks → Access Granted / Denied

Access Control Mechanisms in DAC

1. Access Control List (ACL)

  • Each object has a list of users and permissions

Example:

File1:
User A → Read, Write
User B → Read

2. Capability List

  • Each user has a list of accessible objects and permissions
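
The four steps under Working of DAC and the two mechanisms above, as an added example that is not part of the original page: a minimal in-memory DAC model in Python. The class and method names are illustrative, and treating User A as the owner of File1 and adding a File2 owned by User B are assumptions.

```python
# Added example: minimal DAC model. All names are illustrative, not a real OS API.
class DacError(PermissionError):
    """Raised when a non-owner tries to change an object's ACL."""

class DacSystem:
    def __init__(self):
        self.owner = {}  # object -> owning user
        self.acl = {}    # object -> {user: set of rights}

    def create(self, user, obj):
        # Step 1: the creator becomes the owner and gets read/write.
        self.owner[obj] = user
        self.acl[obj] = {user: {"read", "write"}}

    def _require_owner(self, actor, obj):
        if self.owner.get(obj) != actor:
            raise DacError(f"{actor} does not own {obj}")

    def grant(self, actor, obj, user, rights):
        # Step 2: only the owner may add rights to the object's ACL.
        self._require_owner(actor, obj)
        self.acl[obj].setdefault(user, set()).update(rights)

    def revoke(self, actor, obj, user, rights):
        self._require_owner(actor, obj)
        left = self.acl[obj].get(user, set()) - set(rights)
        if left:
            self.acl[obj][user] = left
        else:
            self.acl[obj].pop(user, None)

    def check(self, user, obj, right):
        # Steps 3-4: default deny; allow only what the ACL lists.
        return right in self.acl.get(obj, {}).get(user, set())

    def capabilities(self, user):
        # Capability list: the same access matrix, indexed by user, not by object.
        return {o: set(e[user]) for o, e in self.acl.items() if user in e}

def demo():
    # Constructed scenario: File1 as in the ACL example (assumes User A is the owner),
    # plus a hypothetical File2 owned by User B.
    s = DacSystem()
    s.create("User A", "File1")
    s.grant("User A", "File1", "User B", {"read"})
    s.create("User B", "File2")
    s.grant("User B", "File2", "User A", {"read"})
    return s
```

Because `grant` checks only ownership, the model places no limit on how widely an owner shares an object; the ACL and the capability list returned by `capabilities` are two views of the same permissions.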

Examples of DAC

Example 1: Windows File System

  • File owner sets permissions:
    • Read
    • Write
    • Full control

Example 2: Linux File Permissions

  • Owner, Group, Others
  • Permissions: Read (r), Write (w), Execute (x)

Advantages of DAC

  1. Easy to implement
  2. Flexible and user-friendly
  3. Allows resource sharing
  4. Suitable for small to medium systems

Limitations of DAC

  1. Less secure compared to MAC
  2. Vulnerable to Trojan horse attacks
  3. Users may grant excessive permissions
  4. No strict control over information flow

📌 Security depends on user decisions.


DAC vs Other Models

Feature      | DAC           | MAC               | RBAC
Control      | Owner         | System            | Role
Flexibility  | High          | Low               | Medium
Security     | Low           | High              | Medium
Example      | File sharing  | Military systems  | Corporate systems

DAC and Security Principles

  • Violates least privilege if misused
  • Supports sharing but reduces control
  • Requires user awareness

DAC and CIA Triad

  • Confidentiality → Depends on owner decisions
  • Integrity → Risk if permissions are misused
  • Availability → Easy access due to flexibility

DAC in Cyber Law (India)

Under the IT Act, 2000:

  • Section 43 → Unauthorized access due to weak control
  • Section 66 → Misuse of system access

📌 Improper permission management may lead to legal issues.


Real-Life Example

In a college system:

  • Teacher creates file → becomes owner
  • Teacher gives:
    • Students → Read access
    • Admin → Full control

Use Cases of DAC

  • Personal computers
  • File sharing systems
  • Small organizations
  • Collaborative environments

Conclusion

Discretionary Access Control (DAC) is a flexible and user-controlled access mechanism where the owner decides access permissions. While it is easy to implement and supports sharing, it lacks strong security controls and is vulnerable to misuse. Therefore, DAC is suitable for less sensitive environments but should be used carefully in critical systems.


📘 MCA Exam Tip

For 10–15 marks:

  • Definition
  • Features
  • Working
  • Advantages & limitations
  • Comparison with MAC & RBAC