Encyclopedia of Database Systems

2009 Edition

Discretionary Access Control

  • Gail-Joon Ahn
Reference work entry
DOI: https://doi.org/10.1007/978-0-387-39940-9_135



Discretionary access control (DAC) provides for owner-controlled administration of access rights to objects. DAC, as the name implies, permits the granting and revocation of access permissions to be left to the discretion of the individual users. A DAC mechanism allows users to grant or revoke access to any of the objects under their control.

Historical Background

Trusted computer system evaluation criteria (TCSEC) published by the US Department of Defense, commonly known as the Orange Book, defined two important access control modes for information systems: discretionary access control (DAC) and mandatory access control (MAC). As the name implies, DAC allows the creators or owners of files to assign access rights. Also, a user (or subject) with discretionary access to information can pass that information on to another user (or subject). DAC has its genesis in the academic and research setting from which time-sharing...

This is a preview of subscription content, log in to check access.

Recommended Reading

  1. 1.
    Bertino E., Samarati P., and Jajodia S. Authorizations in relational database management systems. In Proc. 1st ACM Conf. on Computer and Communications Security, 1993, pp. 130–139.Google Scholar
  2. 2.
    Bishop M. Computer Security: Art and Science. Addison-Wesley, Reading, MA, 2003.Google Scholar
  3. 3.
    Castano S., Fugini M.G., Martella G., and Samarati P. Database Security. Addison Wesley, Reading, MA, 1994.Google Scholar
  4. 4.
    Fagin R. On an authorization mechanism. ACM Trans. Database Syst., 3(3):310–319, 1978.Google Scholar
  5. 5.
    Ferraiolo D.F., Gilbert D.M., and Lynch N. An examination of federal and commercial access control policy needs. In Proc. NIST–NCSC National Computer Security Conference, 1993, pp. 107–116.Google Scholar
  6. 6.
    Graham G.S. and Denning P.J. Protection: principles and practice. In Proc. AFIPS Spring Joint Computer Conference. 40:417–429, 1972.Google Scholar
  7. 7.
    Griffiths P.P. and Wade B.W. An authorization mechanism for a relational database system. ACM Trans. Database Syst., 1(3):242–255, 1976.Google Scholar
  8. 8.
    Lampson B.W. Protection. In Proc. 5th Princeton Symp. on Information Science and Systems, 1971, pp. 437–443. Reprinted in ACM Operat. Syst. Rev., 8(1):18–24, 1974.Google Scholar
  9. 9.
    Rabitti F., Bertino E., Kim W., and Woelk D. A model of authorization for next-generation database systems. ACM Trans. Database Syst., 16(1), 1991.Google Scholar
  10. 10.
    Sandhu R.S. and Samarati P. Access control: principles and practice. IEEE Commun., 32(9):40–48, 1994.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  • Gail-Joon Ahn
    • 1
  1. 1.Arizona State UniversityTempe USA