Synonyms
DAC; Identity-based access control
Definition
Discretionary access control (DAC) provides for owner-controlled administration of access rights to objects. DAC, as the name implies, permits the granting and revocation of access permissions to be left to the discretion of the individual users. A DAC mechanism allows users to grant or revoke access to any of the objects under their control.
Historical Background
Trusted Computer System Evaluation Criteria (TCSEC) published by the US Department of Defense, commonly known as the Orange Book, defined two important access control modes for information systems: discretionary access control (DAC) and mandatory access control (MAC). As the name implies, DAC allows the creators or owners of files to assign access rights. Also, a user (or subject) with discretionary access to information can pass that information on to another user (or subject). DAC has its genesis in the academic and research setting from which time-sharing systems...
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Recommended Reading
Amazon. Amazon simple storage service (S3). 2011.
Amazon. Amazon web services: risk and compliance (2012), http://media.amazonwebservices.com/.
Bertino E, Samarati P, Jajodia S. Authorizations in relational database management systems. In: Proceedings of the 1st ACM Conference on Computer and Communication Security; 1993. p. 130–9.
Bishop M. Computer security: art and science. Boston: Addison Wesley Professional; 2003.
Calero J, Edwards N, Kirschnick J, Wilcock L, Wray M. Toward a multi-tenancy authorization system for cloud services. IEEE Secur Priv. 2010;8(6):48–55.
Castano S, Fugini MG, Martella G, Samarati P. Database security. Wokingham: Addison Wesley; 1994.
Fagin R. On an authorization mechanism. ACM Trans Database Syst. 1978;3(3):310–19.
Ferraiolo DF, Gilbert DM, Lynch N. An examination of federal and commercial access control policy needs. In: Proceedings of the NIST-NCSC National Computer Security Conference; 1993. p. 107–16.
Graham GS, Denning PJ. Protection: principles and practice. In: Proceedings of the AFIPS Spring Joint Computer Conference; 1972. p. 417–29.
Griffiths PP, Wade BW. An authorization mechanism for a relational database system. ACM Trans Database Syst. 1976;1(3):242–55.
Lampson BW. Protection. In: 5th Princeton symposium on information science and systems. 1971. p. 437–43. Reprinted in ACM Oper Syst Rev. 1974;8(1):18–24.
Rabitti F, Bertino E, Kim W, Woelk D. A model of authorization for next-generation database systems. ACM Trans Database Syst. 1991;16(1):88–131.
Sandhu RS, Samarati P. Access control: principles and practice. IEEE Commun. 1994;32(9):40–8.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Science+Business Media, LLC, part of Springer Nature
About this entry
Cite this entry
Ahn, GJ. (2018). Discretionary Access Control. In: Liu, L., Özsu, M.T. (eds) Encyclopedia of Database Systems. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-8265-9_135
Download citation
DOI: https://doi.org/10.1007/978-1-4614-8265-9_135
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-8266-6
Online ISBN: 978-1-4614-8265-9
eBook Packages: Computer ScienceReference Module Computer Science and Engineering