DAC (Discretionary Access Control) is an access control model where the owner of a resource decides who can access it and what they can do, usually managed through access control lists. It connects to authentication and authorization in AP Cybersecurity Unit 4.
DAC stands for Discretionary Access Control. The key word is "discretionary" because access is left to the discretion of the resource owner. If you create a file, you get to decide who else can read, write, or run it. There's no central authority overriding your call.
Think of it like sharing a Google Doc. You own it, so you choose who gets viewer, commenter, or editor access. That's DAC in action. Behind the scenes, those permissions are tracked in an access control list (ACL), which pairs each user or group with the rights they have on the resource. DAC is the most common access control model you'll bump into on everyday systems like Windows and Linux file permissions, precisely because it's flexible and puts owners in charge.
DAC lives in Unit 4: Securing Devices, specifically around Topic 4.2 Authentication and the authorization that follows it. Once an authentication mechanism verifies who you are (the job of [AP Cybersecurity 4.2.C]), an access control model decides what you're allowed to do. DAC is one of the answers to that second question. Understanding it helps you reason about why locking down login settings ([AP Cybersecurity 4.2.D]) matters, because if an attacker steals an owner's credentials under DAC, they inherit that owner's power to grant access to others. The exam wants you to tell access control models apart and match each to the right scenario.
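The two steps described above (authenticate first, then look the confirmed identity up in the owner's ACL), as an added example that is not part of the original page. The `Accounts` and `Resource` classes, the user names and the passwords are constructed for illustration.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Accounts:
    """Step 1, authentication: verify who the caller is."""
    def __init__(self):
        self._db = {}  # username -> (salt, password hash)

    def add(self, user, password):
        salt = os.urandom(16)
        self._db[user] = (salt, _hash(password, salt))

    def authenticate(self, user, password):
        if user not in self._db:
            return None
        salt, stored = self._db[user]
        ok = hmac.compare_digest(stored, _hash(password, salt))
        return user if ok else None

@dataclass
class Resource:
    """Step 2, authorization: the owner's ACL decides what an identity may do."""
    name: str
    owner: str
    acl: dict = field(default_factory=dict)      # user -> set of rights
    changes: list = field(default_factory=list)  # (actor, grantee, right)

    def grant(self, actor, grantee, right):
        if actor != self.owner:  # DAC: only the owner edits the ACL
            raise PermissionError(f"{actor} does not own {self.name}")
        self.acl.setdefault(grantee, set()).add(right)
        self.changes.append((actor, grantee, right))

    def allowed(self, user, right):
        return user == self.owner or right in self.acl.get(user, set())

def demo():
    accounts = Accounts()
    accounts.add("alice", "constructed-pw-1")  # constructed sample users
    accounts.add("bob", "constructed-pw-2")
    doc = Resource("notes.txt", owner="alice")
    doc.grant(accounts.authenticate("alice", "constructed-pw-1"), "bob", "read")
    # Whoever authenticates as alice holds her discretion over the ACL, so the
    # change log is what a defender reviews after her credentials are stolen.
    doc.grant(accounts.authenticate("alice", "constructed-pw-1"), "mallory", "write")
    return doc
```

A failed login returns `None`, which never matches an owner, so `grant` rejects it the same way it rejects a non-owner.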
MAC (Mandatory Access Control) (Unit 4)
MAC is DAC's strict cousin. Instead of owners deciding access, a central policy and security labels do, so a user can't just hand out permissions. DAC trusts the owner; MAC trusts the system.
Access Control List (Unit 4)
The ACL is how DAC actually stores its decisions. Each entry says which user or group can do what to a resource, so DAC without an ACL is just an idea with no enforcement.
RBAC (Role-Based Access Control) (Unit 4)
RBAC assigns permissions to roles rather than individuals or owners. Where DAC lets one owner grant access ad hoc, RBAC says 'all managers can see payroll,' which scales better in big organizations.
Authentication (Topic 4.2)
Authentication and DAC are a two-step handshake. Authentication confirms your identity using factors like passwords or biometrics, then DAC uses that confirmed identity to look you up in the ACL and decide your access.
Expect DAC to show up in multiple-choice questions that hand you a scenario and ask which access control model fits. The giveaway phrase is that the resource owner sets permissions. You should be able to contrast DAC with MAC, RBAC, and RuBAC quickly, since the exam loves to test whether you can match a model to who controls access. No released FRQ has used DAC verbatim, but the concept supports any answer about authorization and how access decisions get made after authentication. Practice spotting the trigger words: 'owner decides' means DAC, 'central labels' means MAC, 'job role' means RBAC.
Both control who can access a resource, but the difference is who's in charge. Under DAC, the resource owner chooses and can pass access along at their discretion. Under MAC, a central authority enforces fixed security labels and the owner can't override them. Quick memory hook: DAC is Discretionary (owner's choice), MAC is Mandatory (system's rule).
DAC stands for Discretionary Access Control, where the owner of a resource decides who can access it.
DAC permissions are typically stored and enforced through an access control list (ACL).
Authentication confirms your identity first, then DAC uses that identity to decide what you're allowed to do.
DAC differs from MAC because owners control access in DAC, while a central authority enforces it in MAC.
On the exam, the phrase 'the owner sets permissions' is the signal for DAC.
DAC is Discretionary Access Control, an access control model where the owner of a file or resource decides who can access it and what they can do. Those decisions are usually recorded in an access control list (ACL).
No. In DAC the resource owner controls access and can grant it to others at their discretion, while in MAC a central authority enforces fixed security labels that owners can't override. DAC is flexible; MAC is strict.
DAC ties access to the resource owner's choices, often per user. RBAC ties access to roles, so permissions are assigned to a job role like 'manager' and anyone in that role inherits them, which scales better for large organizations.
Yes, access control models including DAC appear in Unit 4 around authentication and authorization. You'll most likely see it in multiple-choice questions asking you to match a scenario to the right model.
Standard file permissions on Windows and Linux use DAC, and so do shared documents where you pick who gets view or edit access. If you can choose who you share something with, that's DAC at work.