---
title: "DAC — AP Cybersecurity Definition & Exam Guide"
description: "DAC (Discretionary Access Control) lets resource owners decide who gets access. Learn how it fits AP Cybersecurity Unit 4 authentication and how it differs from MAC and RBAC."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/dac"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 4"
---

# DAC — AP Cybersecurity Definition & Exam Guide

## Definition

DAC (Discretionary Access Control) is an access control model where the owner of a resource decides who can access it and what they can do, usually managed through access control lists. It connects to authentication and authorization in AP Cybersecurity Unit 4.

## What It Is

DAC stands for **[Discretionary Access Control](/ap-cybersecurity/key-terms/discretionary-access-control "fv-autolink")**. The key word is "discretionary" because access is left to the *discretion* of the resource owner. If you create a file, you get to decide who else can read, write, or run it. There's no central [authority](/ap-cybersecurity/key-terms/authority "fv-autolink") overriding your call.

Think of it like sharing a Google Doc. You own it, so you choose who gets viewer, commenter, or editor access. That's DAC in action. Behind the scenes, those permissions are tracked in an **access control list (ACL)**, which pairs each user or group with the rights they have on the resource. DAC is the most common [access control model](/ap-cybersecurity/unit-5/protecting-applications-and-data-managerial-controls-and-access-controls/study-guide/tZFME9LjYUHiIc9fHQE2 "fv-autolink") you'll bump into on everyday systems like Windows and Linux file permissions, precisely because it's flexible and puts owners in charge.

## Why It Matters

DAC lives in **[Unit 4](/ap-cybersecurity/unit-4 "fv-autolink"): Securing Devices**, specifically around Topic 4.2 Authentication and the authorization that follows it. Once an **authentication mechanism** verifies *who* you are (the job of [[AP Cybersecurity](/ap-cybersecurity "fv-autolink") 4.2.C]), an access control model decides *what* you're allowed to do. DAC is one of the answers to that second question. Understanding it helps you reason about why locking down login settings ([AP Cybersecurity 4.2.D]) matters, because if an attacker steals an owner's credentials under DAC, they inherit that owner's power to grant access to others. The exam wants you to tell access control models apart and match each to the right scenario.

## Connections

### MAC (Mandatory Access Control) (Unit 4)

MAC is DAC's strict cousin. Instead of owners deciding access, a central policy and security labels do, so a user can't just hand out permissions. DAC trusts the owner; MAC trusts the system.

### [Access Control List (Unit 4)](/ap-cybersecurity/key-terms/access-control-list)

The ACL is how DAC actually stores its decisions. Each entry says which user or group can do what to a resource, so DAC without an ACL is just an idea with no enforcement.

### RBAC (Role-Based Access Control) (Unit 4)

[RBAC](/ap-cybersecurity/key-terms/rbac "fv-autolink") assigns permissions to roles rather than individuals or owners. Where DAC lets one owner grant access ad hoc, RBAC says 'all managers can see payroll,' which scales better in big organizations.

### Authentication (Topic 4.2)

[Authentication](/ap-cybersecurity/key-terms/authentication "fv-autolink") and DAC are a two-step handshake. Authentication confirms your identity using factors like passwords or biometrics, then DAC uses that confirmed identity to look you up in the ACL and decide your access.

## On the AP Exam

Expect DAC to show up in multiple-choice questions that hand you a scenario and ask which access control model fits. The giveaway phrase is that the resource *owner* sets permissions. You should be able to contrast DAC with MAC, RBAC, and RuBAC quickly, since the exam loves to test whether you can match a model to who controls access. No released FRQ has used DAC verbatim, but the concept supports any answer about authorization and how access decisions get made after authentication. Practice spotting the trigger words: 'owner decides' means DAC, 'central labels' means MAC, 'job role' means RBAC.

## DAC vs MAC (Mandatory Access Control)

Both control who can access a resource, but the difference is who's in charge. Under DAC, the resource owner chooses and can pass access along at their discretion. Under MAC, a central authority enforces fixed security labels and the owner can't override them. Quick memory hook: DAC is Discretionary (owner's choice), MAC is Mandatory (system's rule).

## Key Takeaways

- DAC stands for Discretionary Access Control, where the owner of a resource decides who can access it.
- DAC permissions are typically stored and enforced through an access control list (ACL).
- Authentication confirms your identity first, then DAC uses that identity to decide what you're allowed to do.
- DAC differs from MAC because owners control access in DAC, while a central authority enforces it in MAC.
- On the exam, the phrase 'the owner sets permissions' is the signal for DAC.

## FAQs

### What is DAC in cybersecurity?

DAC is Discretionary Access Control, an access control model where the owner of a file or resource decides who can access it and what they can do. Those decisions are usually recorded in an [access control list](/ap-cybersecurity/key-terms/access-control-list "fv-autolink") (ACL).

### Is DAC the same as MAC?

No. In DAC the resource owner controls access and can grant it to others at their discretion, while in MAC a central authority enforces fixed security labels that owners can't override. DAC is flexible; MAC is strict.

### How is DAC different from RBAC?

DAC ties access to the resource owner's choices, often per user. RBAC ties access to roles, so permissions are assigned to a job role like 'manager' and anyone in that role inherits them, which scales better for large organizations.

### Is DAC on the AP Cybersecurity exam?

Yes, access control models including DAC appear in Unit 4 around authentication and authorization. You'll most likely see it in multiple-choice questions asking you to match a scenario to the right model.

### Where would I see DAC in real life?

Standard file permissions on Windows and Linux use DAC, and so do shared documents where you pick who gets view or edit access. If you can choose who you share something with, that's DAC at work.

## Related Study Guides

- [4.2 Authentication](/ap-cybersecurity/unit-4/authentication/study-guide/8fehxw1s1LZlYi1K3rm7)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/dac#resource","name":"DAC — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/dac","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/dac#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:28.613Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/dac#term","name":"DAC","description":"DAC (Discretionary Access Control) is an access control model where the owner of a resource decides who can access it and what they can do, usually managed through access control lists. It connects to authentication and authorization in AP Cybersecurity Unit 4.","url":"https://fiveable.me/ap-cybersecurity/key-terms/dac","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.2, LO 4.2.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.2, LO 4.2.D"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.2, LO 4.2.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.2, LO 4.2.B"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is DAC in cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"DAC is Discretionary Access Control, an access control model where the owner of a file or resource decides who can access it and what they can do. Those decisions are usually recorded in an [access control list](/ap-cybersecurity/key-terms/access-control-list \"fv-autolink\") (ACL)."}},{"@type":"Question","name":"Is DAC the same as MAC?","acceptedAnswer":{"@type":"Answer","text":"No. In DAC the resource owner controls access and can grant it to others at their discretion, while in MAC a central authority enforces fixed security labels that owners can't override. DAC is flexible; MAC is strict."}},{"@type":"Question","name":"How is DAC different from RBAC?","acceptedAnswer":{"@type":"Answer","text":"DAC ties access to the resource owner's choices, often per user. RBAC ties access to roles, so permissions are assigned to a job role like 'manager' and anyone in that role inherits them, which scales better for large organizations."}},{"@type":"Question","name":"Is DAC on the AP Cybersecurity exam?","acceptedAnswer":{"@type":"Answer","text":"Yes, access control models including DAC appear in Unit 4 around authentication and authorization. You'll most likely see it in multiple-choice questions asking you to match a scenario to the right model."}},{"@type":"Question","name":"Where would I see DAC in real life?","acceptedAnswer":{"@type":"Answer","text":"Standard file permissions on Windows and Linux use DAC, and so do shared documents where you pick who gets view or edit access. If you can choose who you share something with, that's DAC at work."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 4","item":"https://fiveable.me/ap-cybersecurity/unit-4"},{"@type":"ListItem","position":4,"name":"DAC"}]}]}
```
