Discretionary Access Controls, also known as DAC, are types of cybersecurity measures that allow or restrict access based upon the discretion of the file or resource owner. For example, if Bob owns a file or resource, then Bob can, at his discretion grant access to Susie and deny access to Jennifer. These controls are discretionary because the owner determines the access entitlements. In contrast to DAC, mandatory access controls (or MAC) are controls established by a company or organization and enforced at the entity level on the employees or workers within that organization.
Related Term: Mandatory Access Controls (MAC)