What Is Discretionary Access Control?

Discretionary access control (DAC) is a security access control model in which, besides the security administrator, creators of objects (object owners) control object access privileges.

Object owners may determine the access type of every user in the system using an access control list (ACL) and may transfer object ownership.

In DAC, access to a resource is only granted after successful ACL authorization and user identity verification (via authentication with credentials or membership in an authorized user group).

Unauthorized users cannot see object attributes, such as file size, name, and directory path.