Discretionary Access Control Explained

By Bernhard Mehl
December 3, 2019

What is Discretionary Access Control?

According to the Trusted Computer Evaluation Criteria, discretionary access control is “a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)”.

DAC (discretionary access control) devices utilize user identification procedures to identify and restrict object access. Authentication credentials such as username and password are verified before access is granted. This type of access control is highly flexible in terms of data control. It gives you room to customize access policies according to each end-user. Access is read and written to each user using a single file.

Features of Discretionary Access Control

Some of the features of discretionary access control include:

Flexibility

Discretionary access control systems feature the ability to allow users to customize their access policies individually. A discretionary access control example is determining the last person that will have access to your resources or space.

Ease of Control

All networks are connected to a central device. From this centralized device, users generate security policies to determine entry. This security system also allows easy monitoring of the access points. This is done using DAC devices such as keycards to permit and monitor access into a particular position of the organization.

Backup

For organizations that integrate access controls into their security system, scheduled backups are vital. Discretionary access control allows organizations to backup security policies and data to ensure effective access points. This is also vital to hinder the loss of information from a server crash.

Usability

Discretionary access control is easy to use. It allows easy policing and granting permissions for each access point. The complexity of access control is minimized to achieve better management of the network's resources.

5d13e6b076837ce3e08a9ab6
template-4
container

Benefits of Discretionary Access Control

Some benefits of discretionary access control include:

Data Security

Discretionary access control minimizes security risks. It creates a firewall against malware attacks, unauthorized access by setting up a highly encrypted security protocol that must be bypassed before access is granted. This goes further to increase reliability in the organization.

Minimizes Administrative Obligation

It is impossible for an organization to manually monitor every access attempt into their network. This would be a major drain of time and money for the business or organization. Discretionary access control automates the security surveillance system. Access points are monitored from a centralized platform to check and authenticate persons trying to access important files.

Customizable

The DAC access control type offers a flexible approach in authentication and authorization. The owner of the files, computers, and resources has the option to configure permission policies according to each user the way they prefer. This way they can assign access rights to each user in a way that is the most effective for their particular network.

Fast Authentication

Unlike the manual control and authentication of access, DAS authentication is done in a matter of seconds. Manual control requires a lot of time to execute. The DAC system automates the whole network such that it does not take more than few seconds to assess, verify and authorize or deny access.

Efficiency

The security protocol is fail-proof. The components are structured in the most efficient way to monitor and restrict access. DAS devices are innovative enough to deal with attempts to override them and gain forceful entry into unauthorized areas of an organization.

Minimizes Cost

This type of access control is also cost-effective, reducing the number of resources used in policing an organization’s network. When access points are regulated, it costs more resources. Discretionary access control automates the access points and makes them regulated from a centralized access protocol management system.

A discretionary access point is an innovative security protocol that offers a high level of security to data networks of organizations. The administration cost minimization, fast authentication, ease of use and customizable features it avails to organizations makes it a highly efficient access control tool.

Bernhard Mehl

Bernhard is the co-founder and CEO of Kisi. His philosophy, "security is awesome," is contagious among tech-enabled companies.

Access Control Basics
Access Control Technologies