
Discretionary access control

noun · id 2343 · updated May 9, 2026
candidate

A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).

polysemous · MWE

Classifications

Entity Type

Control · 95% · rule-based · r:entity.control.safeguard.v1

Sensitivity

90% · llm-generated · llm:claude-haiku-4-5

Information Class

90% · llm-generated · llm:claude-haiku-4-5

Variants

acronym: DAC
plural: Discretionary access controls
possessive: Discretionary access control's
plural possessive: Discretionary access controls'

Framework definitions

SANS Glossary of Security Terms (1 sense)
§1
Discretionary Access Control consists of something the user can manage, such as a document password.
ISACA Cybersecurity Glossary (1 sense)
§1
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. Scope Note: The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.
NISTIR 7298: Glossary of Key Information Security Terms, Revision 2 (2 senses)
§1
The basis of this kind of security is that an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user’s control.
§2 · sense_2_pending_review
A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
CNSSI-4009 (Glossary of Information Assurance Terms) (1 sense)
§1
A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
FIPS PUB 191 (1 sense)
§1
The basis of this kind of security is that an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user’s control.

Outgoing relationships

No outgoing triples
This term is not the subject of any RDF-style relationship yet.

Incoming relationships

No incoming triples
No other term currently asserts a relationship to this one.