Encyclopedia of Database Systems

2018 Edition
Editors: Ling Liu, M. Tamer Özsu

Discretionary Access Control

  • Gail-Joon Ahn
Reference work entry
DOI: https://doi.org/10.1007/978-1-4614-8265-9_135


DAC; Identity-based access control


Discretionary access control (DAC) provides for owner-controlled administration of access rights to objects. DAC, as the name implies, permits the granting and revocation of access permissions to be left to the discretion of the individual users. A DAC mechanism allows users to grant or revoke access to any of the objects under their control.

Historical Background

The Trusted Computer System Evaluation Criteria (TCSEC), published by the US Department of Defense and commonly known as the Orange Book, defined two important access control modes for information systems: discretionary access control (DAC) and mandatory access control (MAC). As the name implies, DAC allows the creators or owners of files to assign access rights. Also, a user (or subject) with discretionary access to information can pass that information on to another user (or subject). DAC has its genesis in the academic and research setting from which time-sharing systems...
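The owner-controlled grant and revoke described in the definition, and the pass-on behavior noted above, can be seen in a small access-matrix model. This is an added example, not part of the original entry; the class, method, user and object names are hypothetical and the data is constructed.

```python
# Added illustration: a minimal access matrix with owner-controlled rights.
# All names (DacSystem, alice, bob, carol, payroll) are hypothetical.

class DacSystem:
    def __init__(self):
        self.owner = {}   # object name -> owning user
        self.data = {}    # object name -> contents
        self.acl = {}     # object name -> {user: set of rights}

    def create(self, user, obj, contents):
        if obj in self.owner:
            raise ValueError(f"{obj} already exists")
        self.owner[obj] = user
        self.data[obj] = contents
        self.acl[obj] = {user: {"read", "write"}}

    def _require_owner(self, user, obj):
        if self.owner.get(obj) != user:
            raise PermissionError(f"{user} does not own {obj}")

    def grant(self, granter, obj, user, right):
        self._require_owner(granter, obj)      # only the owner decides
        self.acl[obj].setdefault(user, set()).add(right)

    def revoke(self, revoker, obj, user, right):
        self._require_owner(revoker, obj)
        self.acl[obj].get(user, set()).discard(right)

    def read(self, user, obj):
        if "read" not in self.acl.get(obj, {}).get(user, set()):
            raise PermissionError(f"{user} may not read {obj}")
        return self.data[obj]


def demo():
    s = DacSystem()
    s.create("alice", "payroll", "salary table")     # constructed sample data
    s.grant("alice", "payroll", "bob", "read")       # owner's discretion
    # Bob reads legitimately, then stores the contents in an object he owns.
    s.create("bob", "payroll_copy", s.read("bob", "payroll"))
    s.grant("bob", "payroll_copy", "carol", "read")  # now Bob's discretion
    s.revoke("alice", "payroll", "bob", "read")      # does not reach the copy
    results = {}
    for user, obj in [("bob", "payroll"), ("carol", "payroll"), ("carol", "payroll_copy")]:
        try:
            results[(user, obj)] = s.read(user, obj)
        except PermissionError:
            results[(user, obj)] = None              # access denied
    return results
```

Revoking Bob's right on the original object is enforced, yet Carol still reads the same contents through Bob's copy: DAC governs access to objects, not the onward flow of the information they hold.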



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Arizona State University, Tempe, USA