Discretionary Access Control (DAC)

What is Discretionary Access Control (DAC)?

Discretionary access control (DAC) is a type of access control that grants or restricts access to an object through a policy set by the object's owner, owner group and/or subjects. DAC controls rely on user identification with credentials supplied during authentication, such as a username and password. DAC is discretionary because the subject (owner) can transfer authenticated objects or information access to other users. In other words, the owner determines object access privileges.

Discretionary access control is commonly discussed in contrast to mandatory access control (MAC). Occasionally a system as a whole is said to have "discretionary" or "purely discretionary" access control as a way of saying that the system lacks mandatory access control. On the other hand, systems can be said to implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraints upon the first.



DAC attributes include:

  • A user may transfer object ownership to another user or users.
  • User may determine the access type of other users.
  • After several attempts, authorization failures restrict user access.
  • Unauthorized users are blind to object characteristics, such as file size, file name and directory path.
  • Object access is determined during access control list (ACL) authorization and based on user identification and/or group membership.


DAC is easy to implement and intuitive but has certain disadvantages, including:

  • Inherent vulnerabilities (Trojan horse)
  • ACL maintenance or capability
  • Grant and revoke permissions maintenance
  • Limited negative authorization power
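
The owner-controlled ACL and the Trojan horse weakness listed above, as an added sketch that is not from the original post: a toy in-memory model in which every name (`Obj`, `GROUPS`, `untrusted_tool`, alice, bob, mallory) is hypothetical. It shows that the access check looks only at identity, so a program started by the owner can use the owner's discretion.

```python
# Added illustration: a toy DAC model. All names here are hypothetical.
from dataclasses import dataclass, field

GROUPS = {"staff": {"bob"}}  # constructed group membership

@dataclass
class Obj:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # principal -> set of rights

def allowed(obj, user, right):
    """ACL check on user identity or group membership; the owner always passes."""
    if user == obj.owner:
        return True
    principals = {user} | {g for g, members in GROUPS.items() if user in members}
    return any(right in obj.acl.get(p, set()) for p in principals)

def _owner_only(obj, actor):
    # The discretionary part: only the actor's identity is checked, never intent.
    if actor != obj.owner:
        raise PermissionError(f"{actor} does not own {obj.name}")

def grant(obj, actor, principal, right):
    _owner_only(obj, actor)
    obj.acl.setdefault(principal, set()).add(right)

def revoke(obj, actor, principal, right):
    _owner_only(obj, actor)
    obj.acl.get(principal, set()).discard(right)

def transfer_ownership(obj, actor, new_owner):
    _owner_only(obj, actor)
    obj.owner = new_owner

def untrusted_tool(running_as, obj):
    # A program runs with the full authority of whoever started it, so it can
    # use that user's discretion to widen the ACL without the user noticing.
    grant(obj, running_as, "mallory", "read")

def demo():
    report = Obj("report.txt", owner="alice")
    grant(report, "alice", "staff", "read")       # owner shares with a group
    before = allowed(report, "mallory", "read")   # mallory is not on the ACL
    untrusted_tool("alice", report)               # alice runs the program
    after = allowed(report, "mallory", "read")    # ACL was widened as alice
    return allowed(report, "bob", "read"), before, after
```

The model accepts the last grant because it was made under alice's identity, which is the gap that mandatory access control is meant to constrain.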



Benefits of Discretionary Access Control


Data Security:

It creates a firewall against malware attacks and unauthorized access by setting up a highly encrypted security protocol that must be bypassed before access is granted.

Minimizes Administrative Obligation:  

Discretionary access control automates the security surveillance system. Access points are monitored from a centralized platform to check and authenticate persons trying to access important files.

Fast Authentication:

Unlike manual control and authentication of access, DAC authentication is done in a matter of seconds. The DAC system automates the whole network such that it does not take more than a few seconds to assess, verify and authorize or deny access.

Efficiency:

DAC devices are innovative enough to deal with attempts to override them and gain forceful entry into unauthorized areas of an organization.

Minimizes Cost:

This type of access control is also cost-effective, reducing the number of resources used in policing an organization’s network.


