DAC

Idealogic’s Glossary

Discretionary Access Control (DAC) is a security model that controls access to computer system or network resources on the basis of user identity and access control rules. Whereas in Mandatory Access Control (MAC) access decisions are made by system policies, in DAC the resource owner has the authority to determine who can access his or her resources. In this model the owner of a resource can change its Access Control List (ACL) to grant or deny permissions.

How DAC Works

In the DAC model, every resource, such as a file, a database or a network service, is owned by a single entity, and the owner is generally the creator of the resource. The owner has the power to set permissions that determine who is allowed to read, write or execute the resource. Owners can therefore set access controls according to the needs of their particular environment, which makes DAC very flexible.

For example, in an operating system, a user who owns a file can grant or deny access to others by changing the file’s ACL. Likewise, in a DBMS, the person who owns a database can assign various permissions to users so that they can access the database according to their roles.

Advantages of DAC

A major strength of DAC is that it is flexible and user friendly. Because access control decisions are made by the resource owners, DAC provides accurate and specific control of access and ensures that users have the right access to the resources they require. This level of customization can be very helpful in environments where different people have different levels of access to different resources.

Security Concerns with DAC

However, DAC raises some security concerns. The first problem results from the fact that access control is based on discretion. Since the resource owners are the ones who have the power to grant access, there is a possibility that they may inadvertently or deliberately allow access to unauthorized information or key system resources. This could happen because the owner over-estimates or under-estimates the security requirements, or because the ACLs are not well administered.

This makes DAC less secure than MAC, which is a more formal model where access decisions are made based on well-defined policies. Therefore, DAC may not be very effective in environments that demand a high degree of security, for instance military or government systems where leakage of information could lead to severe consequences.
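The owner-granted access described above can be reviewed after the fact. The following Python sketch is an added example, not part of the original glossary entry: it assumes a POSIX system, uses file mode bits as the simplest form of owner-set permissions, and the file names and the list of sensitive suffixes are constructed for illustration.

```python
import os
import stat
import tempfile

# Permission bits that extend access beyond the owner and are worth reviewing.
RISKY_BITS = {
    stat.S_IWOTH: "world-writable",
    stat.S_IROTH: "world-readable",
    stat.S_IWGRP: "group-writable",
}


def audit_tree(root, sensitive_suffixes=(".key", ".pem", ".env")):
    """Return (relative path, octal mode, reasons) for grants worth review.

    World-writable is always reported; the other bits only for files whose
    name suggests secrets (the suffix list is a hypothetical default).
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            mode = stat.S_IMODE(st.st_mode)
            sensitive = name.endswith(sensitive_suffixes)
            reasons = [label for bit, label in RISKY_BITS.items()
                       if mode & bit and (bit == stat.S_IWOTH or sensitive)]
            if reasons:
                findings.append((os.path.relpath(path, root), oct(mode), reasons))
    return findings


def demo():
    """Build a constructed sample tree, act as the owner, then audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"report.txt": 0o644, "shared.log": 0o666,
                   "server.key": 0o644, "private.key": 0o600}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # the owner's discretionary decision
        return audit_tree(root)


if __name__ == "__main__":
    for rel, mode, reasons in demo():
        print(f"{mode} {rel}: {', '.join(reasons)}")
```

Running `audit_tree` on a schedule over shared directories gives administrators a list of owner decisions to confirm or revert, without taking the decision away from the owner.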

Application of DAC in Modern Computing

Nevertheless, DAC is implemented in a number of computing platforms, such as database management systems (DBMS), operating systems (OS) and network services (NS). Because it is highly flexible and quite easy to use, it has become popular among many organizations, especially where flexibility of access control is an important factor.

For instance, in present-day operating systems such as Windows, Linux and macOS, DAC is applied in the management of file permissions. Likewise, in enterprise settings, DAC is commonly used in database systems to regulate access to data, as administrators are able to set up permissions depending on the user’s role.

Conclusion

Discretionary Access Control (DAC) is a security model that allows the owner of a resource to set permissions for users. Although it is quite useful in terms of usability and the level of control over access, it also poses a threat to security, since it is not difficult for an unauthorized user to gain access. DAC is nonetheless a popular model in many computing environments, especially where permissions need to be set on the basis of data access control. Organizations that employ DAC should be aware that the model has certain drawbacks, and they have to develop measures to avoid the risks that may arise from discretionary access decisions.