Check the validity of credentials given at the discretion of the user (e.g., username and password).
As set by the administrator or resource owner, allows some users to access a resource or perform an action while preventing other users from doing so.
Restricts access to objects based on identity and/or group membership. The controls are discretionary in the sense that a user with a certain access permission (for example, an object owner) is capable of passing access permission on to any other user, such as with the grant command.
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).
A means of restricting access to objects based on the identity and need-to-know of the user, process, and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.
A means of restricting access to information based on privileges. The appropriate privilege must be assigned for a user to access a named object. Appropriately privileged users can grant other users privileges at their discretion; therefore, this type of security is discretionary.
a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject [NATO87], provided this is consistent with the security policy being operated within the environment.
A means of restricting access to objects based on the identify of the principal.
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong or on the possession of an authorization granting access to those objects. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) onto any other subject.
In computer security, discretionary access control (DAC) is a kind of access control, defined by the TCSEC