What’s Discretionary Access Control?

Print anything with Printful



Discretionary Access Control (DAC) allows select users to control program access and assign rights to different users, while mandatory access control sets restrictions by security policy administrators. DAC is flexible and easily customizable, allowing for easy changes in access rights. This limits the possibility of illegal use by unauthorized individuals.

Discretionary Access Control (DAC) is a type of security measure used with many different types of corporate and personal networks. The idea behind this type of computer security is to have a person or a select group of people with the ability to control the use of all programs residing on the network, including assigning access rights to different users. Typically, this process requires that you can configure user profiles to restrict access to some programs while allowing access to others. All of this activity occurs at the discretion of these master users or administrators, who can change or revoke privileges at any time.

The discretionary access control process is somewhat different from a different security measure known as mandatory access control. With the latter, there is no possibility for administrators to create customized accesses for specific users, since the restrictions are set by security policy administrators based on the constraints encountered in the operating system used on the network. DAC, on the other hand, allows you to customize the access of each authorized user based on the need to know. While both approaches are effective, discretionary access control is easily the more flexible of the two and can be an ideal solution for businesses of any size.

One of the main benefits of discretionary access control is the built-in flexibility in assigning access rights to the various programs and databases residing on the network. This means that when an employee is promoted to a new position, the process of changing access rights so that they can use the data relevant to those new responsibilities can be managed with ease. At the same time, if an employee is assigned to a project that requires temporary access to certain data, those rights can be assigned and then revoked once the project is complete. Administrator or main user capabilities allow you to initiate changes in seconds, easily customizing that access to meet any needs that arise.

The exact structure of discretionary access control depends on the nature of the programs in use and how access rights are assigned. Some configurations allow rights to be based on the assignment of specific access credentials which are then customized also in terms of permissions within each of these programs. For example, a salesperson can be granted access to the billing system so that they can view billing activity for customer profiles that contain that salesperson’s specific Sales ID number, but not the billing activity of other clients. The ability to tailor access rights to individual users means that no one has access to any data on the network except those who are tasked with supervising the entire network. From this point of view, this limits the possibility of illegal use by hackers, company spies or even disgruntled ex-employees looking for a way to get even with their employer.




Protect your devices with Threat Protection by NordVPN


Skip to content