ATIS Telecom Glossary
Monday, July 28, 2014

discretionary access control (DAC)
1. [A] means of restricting access to objects based on the identity and need-to-know of users and/or groups to which the object belongs. Controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (directly or indirectly) to any other subject. Synonym: surrogate access. [INFOSEC-99].

2. Access control based on access rights granted by users other than the System Security Officer [CESG].
   Note: [1] Normally enforced by reference to the identity of users and the groups to which they belong.
   [2] A subject with an access right may pass it to another subject, unless a. prevented by Mandatory Access Control or b. constrained from so doing by an explicit System Security Policy (perhaps backed up by audit).

3. A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control) [TCSEC].

4. A means of restricting access to objects. The restrictions are discretionary in the sense that the subjects granted/denied access, and the type of access granted/denied, are at the discretion of the object owner. In many systems, the controls are also discretionary in the sense that a subject with a certain access permission is capable of passing that permission on to any other subject [POSIX.6].

These definitions were prepared by ATIS Committee PRQC
 
For more information on the work related to these definitions,
please visit the ATIS website and the ATIS Document Center