What is Discretionary Access Control (DAC)?

Discretionary Access Control (DAC) allows authorized users to change the access control attributes of objects, thereby specifying whether other users have access to the object. A simple form of Discretionary Access Control (DAC) might be file passwords, where access to a file requires the knowledge of a password created by the file owner. In Linux, the file permission is the general form of Discretionary Access Control (DAC).

Discretionary Access Control (DAC) is the setting of permissions on files, folders, and shared resources. The owner of the object (normally the user who created the object) in most operating system (OS) environments applies discretionary access controls. This ownership may be transferred or controlled by root/administrator accounts. Discretionary Access Control (DAC) is controlled by the owner or root/administrator of the Operating System, rather than being hard coded into the system.

The Discretionary Access Control (DAC) mechanisms have a basic weakness, and that is they fail to recognize a fundamental difference between human users and computer programs.