Discretionary Access Control

Definition of Discretionary Access Control

Discretionary Access Control (DAC) refers to a security model where access to resources, such as files, directories, or devices, is restricted based on the identity of users and/or groups. In this model, the resource owner can grant or deny permissions at their discretion. DAC relies on Access Control Lists (ACLs) to determine and manage which users and groups have specific access or privileges to resources.


The phonetic pronunciation of the keyword “Discretionary Access Control” is:Discretionary: /ˌdɪskrɪˈʃɛnəri/Access: /ˈakˌsɛs/Control: /kənˈtroʊl/Put together, it sounds like “dis-crih-SHEN-uh-ree AK-ses kuh(n)-TROHL.”

Key Takeaways

  1. Discretionary Access Control (DAC) allows the owner of the data or resources to grant or deny permissions to other users or groups within the system.
  2. DAC is based upon the principle of least privilege, meaning that users should be provided with the minimum access necessary to accomplish their tasks.
  3. Discretionary Access Control is commonly used in many operating systems and file systems, such as Windows, Unix, and Linux, where each file and directory has an associated Access Control List (ACL).

Importance of Discretionary Access Control

Discretionary Access Control (DAC) is an essential concept in technology because it offers a flexible and customizable method for managing user access and permissions within a system or network.

By allowing resource owners to grant or deny access to specific users or user groups, DAC supports enhanced data protection, privacy, and collaboration while maintaining user autonomy.

This level of control is crucial in today’s interconnected digital environment, where sensitive information and valuable resources must be secured against unauthorized access or malicious activities without limiting essential functionality for authorized users.

In summary, DAC plays a vital role in ensuring the ideal balance between optimal system security and user freedom for businesses and organizations.


Discretionary Access Control (DAC) serves the purpose of regulating and restricting access to information and resources within a system based on the privileges assigned to the user by the system owner. This access control model is vital in maintaining organizational security, as it allows for the allocation of specific permissions to individuals or groups, enabling users to access or perform actions on files, folders, and applications for which they have appropriate privileges.

In other words, it empowers the owners of data to designate who can access their information and under what conditions, thereby ensuring the privacy and security of data. One primary use of DAC is to safeguard sensitive information within a company or organization.

By employing this model, system administrators and data owners can grant or deny user access to resources as per their level of clearance or based on their functional roles. A common implementation of DAC can be seen in operating systems where access control lists (ACLs) are maintained to define permissions for users and objects.

The flexibility provided by discretionary access control enables users and administrators to share or restrict access with ease and suits a variety of organizational structures and applications. While offering such versatility and adaptability to its users, it is crucial to implement DAC policies carefully to prevent unauthorized access, data leaks, or breaches due to inadequate security measures.

Examples of Discretionary Access Control

Discretionary Access Control (DAC) is a type of access control system that grants or restricts access to resources based on the identity of the users or groups of users, and the permissions they possess. It allows resource owners to define access rights to data and resources. Here are three real-world examples of DAC:

File Sharing Systems:A common example of DAC is found in computer operating systems like Windows, macOS, and Linux that utilize file sharing features. In these systems, users can set permissions to their own files and directories for other users or groups. These permissions define which file operations are allowed, such as read, write, or execute access. This helps maintain control over access to specific files and folders, enabling secure sharing within a networked environment.

Cloud Storage Services:Dropbox, Google Drive, and other cloud storage services use DAC to ensure the owner of the data can manage and control access to it. Users have the option to share their data with specific people or groups and can set permissions that define the level of access (view, edit, or manage) provided to these collaborators. This enables secure and selective access to resources stored in the cloud.

Management of Social Media Accounts:Social media platforms such as Facebook, Twitter, and Instagram allow users to manage the visibility and accessibility of their content using discretion-based settings. Users may choose to make their content visible to the public, accessible only to friends or followers, or limit access to selected audiences. This empowers users to exercise control over their privacy while sharing content within their network or a pre-defined group of people.


Discretionary Access Control FAQ

What is Discretionary Access Control (DAC)?

Discretionary Access Control (DAC) is a security model in which access rights and permissions are assigned according to user discretion. A resource owner (often the creator) is responsible for defining the access rules that govern the system’s resources. In this model, users can share, modify and restrict access to resources based on their own authority.

How does Discretionary Access Control work?

DAC works by associating access control lists (ACLs) with each protected resource in a system. These lists include the security identity of each user and can define specific permissions such as read, write, and execute. The system enforces access control by allowing or denying access within the stated constraints of the ACLs and the rights of the requestor.

What are the primary advantages of Discretionary Access Control?

The primary advantages of DAC include the following:

  1. Flexibility: It allows resource owners to fine-tune access rights and permissions to meet their specific needs and requirements.
  2. Easy to implement: As a widely used security model, DAC can be easily applied to many different implementations and systems.
  3. Intuitive control: With individual owners in control, the process of modifying and adjusting access rights is more straightforward than other access models.

What are the potential drawbacks of Discretionary Access Control?

Some potential drawbacks of DAC are as follows:

  1. Security risks: DAC relies on the decisions of individual users and can lead to insecure configurations if not managed properly.
  2. Challenging scalability: As a system grows in size and complexity, managing ACLs and their corresponding permissions can become difficult and time-consuming.
  3. Insider threats: Users with malicious intent can potentially manipulate access permissions in their favor.

What are some common examples of Discretionary Access Control?

Common examples of DAC include user-based control in operating systems like Windows, Linux, and macOS, as well as file-sharing protocols such as Network File System (NFS) and Server Message Block (SMB) protocol in networked environments. Applications involving user-owned content, like social media platforms and document management systems, also use Discretionary Access Control.


Related Technology Terms

  • Access Control List (ACL)
  • Privileges
  • Security policy
  • Object owner
  • Authentication

Sources for More Information


About The Authors

The DevX Technology Glossary is reviewed by technology experts and writers from our community. Terms and definitions continue to go under updates to stay relevant and up-to-date. These experts help us maintain the almost 10,000+ technology terms on DevX. Our reviewers have a strong technical background in software development, engineering, and startup businesses. They are experts with real-world experience working in the tech industry and academia.

See our full expert review panel.

These experts include:


About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

More Technology Terms

Technology Glossary

Table of Contents