Discretionary Access Controls (DAC)

3rd February 2020 | Cybrary


Discretionary Access Controls, also known as DAC, are a type of cybersecurity measure that allows or restricts access at the discretion of the employee, as opposed to the file or resource owner. For example, if Bob has administrative rights to his computer, he can install any software he wants at his own discretion. Likewise, if a file folder labeled Human Resources is world-readable on the file server, then employees could access these restricted files at their discretion (possibly risking termination in doing so). In both cases, it is at the discretion of the employee whether software is installed or a file is accessed.

In contrast to DAC, mandatory access controls (MAC) establish technology restrictions. They prevent employees from installing software on their computers by removing administrative rights from each end user, and they prevent access to HR files by setting restrictive permissions on the directories in which those files are stored, limiting access to HR employees only. MAC prevents actions from occurring even when an employee attempts them. DAC allows employee actions to occur even when a governance policy states such activities are not allowed.
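The Human Resources folder case above, as an added example that is not part of the original article: a Python sketch that audits a directory tree for anything still accessible to every user and then removes that access, leaving owner and group only. It assumes POSIX permission bits and that HR staff are the owning group; the folder name, file name and contents are constructed sample data.

```python
import os
import stat
import tempfile

OTHER_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH  # the "world" permission bits


def find_world_accessible(root):
    """Return sorted paths under root (root included) that grant any access to 'other'."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            mode = os.lstat(path).st_mode
            # Symlink modes are not meaningful; the link target is checked on its own.
            if not stat.S_ISLNK(mode) and mode & OTHER_BITS:
                hits.append(path)
    return sorted(hits)


def restrict_to_owner_and_group(root):
    """Clear the 'other' bits on every flagged path; owner and group bits are kept."""
    changed = find_world_accessible(root)
    for path in changed:
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~OTHER_BITS)
    return changed


def demo():
    """Build a constructed sample share, audit it, tighten it, and audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        hr = os.path.join(tmp, "Human Resources")
        os.mkdir(hr)
        salaries = os.path.join(hr, "salaries.csv")
        with open(salaries, "w") as fh:
            fh.write("name,salary\n")  # constructed sample content
        os.chmod(hr, 0o755)        # weak: any user can list the folder
        os.chmod(salaries, 0o644)  # weak: any user can read the file
        before = [os.path.relpath(p, tmp) for p in find_world_accessible(hr)]
        restrict_to_owner_and_group(hr)
        after = find_world_accessible(hr)
        modes = (stat.S_IMODE(os.stat(hr).st_mode),
                 stat.S_IMODE(os.stat(salaries).st_mode))
        return before, after, modes


if __name__ == "__main__":
    print(demo())
```

Running the audit function on a schedule and alerting on a non-empty result catches folders that drift back to world-readable.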

What Does This Mean For My SMB?

Every business should set up Discretionary Access Controls (DACs). CyberHoot recommends that MSPs and SMBs establish governance policies to guide employee behaviors and decision-making when MAC controls are not possible. This would include the following:

  1. Adopting a password manager to make compliance with discretionary password length requirements in online SaaS applications easier to accomplish.
  2. Guiding and training employees on why the length of a password matters more than complexity so they choose wisely when creating unique passwords for all their individual online accounts.
  3. Establishing an Information Handling Policy that requires employees to shred sensitive documents rather than throwing them into the recycle bin. This same policy prohibits unencrypted emailing of critical and sensitive data. These are discretionary controls depending upon employee awareness and good behaviors.

Additional Best Practices for Securing MSPs and SMBs

CyberHoot also recommends the following best practices to protect individuals and businesses against, and limit damages from, online cyber attacks:

Related Term: Mandatory Access Controls (MAC)

Source: Techopedia
