What Is Discretionary Access Control?
Discretionary access control (DAC) is a type of security measure that is employed with many different types of business and personal networks. The idea behind this type of computer security is to have one person or a select group of people with the capability of controlling the use of any and all programs residing in the network, including the assigning of access rights to different users. Typically, this process calls for being able to configure user profiles to restrict access to some programs while allowing access to others. All this activity takes place at the discretion of these master users or administrators, who can change or revoke privileges at any time.
The process of discretionary access control is somewhat different from a different security measure known as mandatory access control. With the latter, the ability of administrators to create customized access for specific users is not present, since the restrictions are set by security policy administrators based on the constraints found in the operating system used on the network. By contrast, DAC makes it possible to customize the access of each authorized user based on a need-to-know basis. While both approaches are effective, discretionary access control is easily the more flexible of the two and can be an ideal solution for companies of just about any size.
One of the main benefits of discretionary access control is the flexibility that is built into the assigning of access rights to various programs and databases that reside in the network. This means when an employee is promoted to a new position, the process of changing access rights so that he or she can make use of data relevant to those new responsibilities can be managed with ease. At the same time, if an employee is assigned to a project that requires temporary access to certain data, those rights can be assigned then revoked once the project is complete. The abilities of the administrator or master user make it possible to initiate the changes in a matter of seconds, easily customizing that access to meet whatever need should arise.
The exact structure of discretionary access control depends on the nature of the programs in use and how access rights are assigned. Some configurations allow for rights to be based on the assignment of specific login credentials that are then also customized in terms of permissions within each of those programs. For example, a salesperson may be granted access to the billing system so he or she can see billing activity relevant to the customer profiles that contain that salesperson’s specific sales ID number, but not the billing activity of other customers. The ability to tailor access rights to individual users means that no one has access to all the data on the network except those who are charged with overseeing the entire network. From this perspective, this limits the potential for illegal use of the by hackers, corporate spies or even disgruntled former employees who are looking for a way to get back at the employer.
Discuss this Article
Post your comments