Discretionary Access Control (DAC) defines basic access control policies to objects in a filesystem.

Generally, these are done at the discretion of the object owner -- file/directory permissions and user/group ownership.

The Telecom Glossary defines DAC as "A means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject."

See also

• Mandatory Access Control (MAC)
• Role-Based Access Control (RBAC)
• Capability-based security

Data security

Discretionary Access Control | 任意アクセス制御 | Дискреционный контроль доступа