Discretionary Access Control (DAC)
Computer security is important in every organization. It covers several areas, such as locking the computer room and the computer itself, protecting login accounts with passwords, encrypting network communication lines and using file protection, among others. Whitman (2011) points out that computer system security ensures that your computer does what it is supposed to, even if the users do what they should not do. Discretionary Access Control (DAC) is a type of access control that protects the files in a computer system. This type of control restricts access to files based on the identity of users or the groups to which they belong. It is discretionary: it lets you tell the computer system who can have access to your files, and therefore you can specify the type of access allowed. For example, you can allow anyone to read a particular file in the system, but allow only yourself to change it.
An ACL allows for high security to be maintained and can be used with a DAC system.
An ACL provides better file security by allowing you to define the file permissions for the owner of the file and the file group, to specify other users and groups, and to give default permissions for each category. The organization can use an ACL with a DAC system to restrict access to data and files by determining the list of people who can view certain types of files. This form of access control still maintains high security in the organization regarding access to files. An ACL is a good compensation for high security systems which only support DAC, because it can solve the dilemma of allowing one person in a group to modify the contents of a file. For example, if a particular group in the access list has permission to access a certain file, an ACL allows the whole group to access the file but prevents the group as a whole from modifying it. Only one person in the list is able to modify the file; the others can only access it.
Haldar (2010) explains that an ACL holds a detailed list of Access Control Entries which are used to make access decisions. This allows an organization to determine a list of users who have access to specific data and the privileges that they have with respect to that data or file. An access control triple consists of the user, the file and the program, with the corresponding access privileges noted for each. In a high security system, this type of access control prevents some users from accessing or modifying some files and programs even if they are using the same system, so critical information is protected. An ACL, therefore, typically limits certain users from accessing certain types of information in the system. Another advantage of an ACL in maintaining high security in an organization is that it restricts access both to files in the system and to resources in the domain. This is because there are file system ACLs and networking ACLs. Networking ACLs restrict access to certain port numbers or IP addresses, and therefore only certain users are able to access restricted network services.
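The group-can-read, one-person-can-modify case described above can be expressed as a small access check over ACL entries. The following is an added example, not code from the cited sources; it is a simplified model of a POSIX-style file ACL, and the names FileACL, is_allowed, the users and the "finance" group are all hypothetical.

```python
# Simplified model of a POSIX-style file ACL check (added example, hypothetical names).
from dataclasses import dataclass, field

READ, WRITE = "r", "w"

@dataclass
class FileACL:
    owner: str
    group: str
    owner_perms: set
    group_perms: set
    other_perms: set
    named_users: dict = field(default_factory=dict)   # user -> set of perms
    named_groups: dict = field(default_factory=dict)  # group -> set of perms
    mask: set = field(default_factory=lambda: {READ, WRITE})  # caps non-owner entries

def is_allowed(acl, user, user_groups, wanted):
    """Return True if `user` may perform `wanted` on the file.

    Entry classes are checked in a fixed order and the first class that
    matches decides: owner, named user, owning/named groups, then other.
    """
    if user == acl.owner:
        return wanted in acl.owner_perms
    if user in acl.named_users:
        return wanted in (acl.named_users[user] & acl.mask)
    group_entries = []
    if acl.group in user_groups:
        group_entries.append(acl.group_perms)
    group_entries += [p for g, p in acl.named_groups.items() if g in user_groups]
    if group_entries:
        return any(wanted in (p & acl.mask) for p in group_entries)
    return wanted in acl.other_perms

# Constructed sample: group "finance" may read; only "alice" may also modify.
report = FileACL(
    owner="root", group="finance",
    owner_perms={READ, WRITE}, group_perms={READ}, other_perms=set(),
    named_users={"alice": {READ, WRITE}},
)
MEMBERS = {"alice": {"finance"}, "bob": {"finance"}, "eve": {"staff"}}

def decisions():
    """Evaluate every (user, operation) pair against the sample ACL."""
    return {(u, op): is_allowed(report, u, g, op)
            for u, g in MEMBERS.items() for op in (READ, WRITE)}

if __name__ == "__main__":
    for (user, op), ok in sorted(decisions().items()):
        print(f"{user:6} {op} -> {'allow' if ok else 'deny'}")
```

Because the first matching entry class decides, a named-user entry with fewer rights than the user's group still wins, which is how a single account can be excluded from a file its group can read.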
Haldar, S. 2010. Operating Systems. India: Pearson Education.
Whitman, M. 2011. Principles of Information Security. California: Cengage Learning.