Access at Your Fingertips: The Discretionary Power of DAC (SSCP Domain 2)
In the world of authorization models, Discretionary Access Control (DAC) is the most common, flexible, and widely used model in commercial operating systems, such as Windows, macOS, and Linux. DAC is a core concept in SSCP Domain 2: Security Operations and Administration because it governs how most users interact with files and resources every day.
DAC works on a simple principle: The Owner Decides. The creator or owner of a resource is the one responsible for setting and modifying the permissions for that resource. This grants immense flexibility but also introduces significant security risks.
The Core Principle: Ownership and Permissions
In a DAC environment, two primary components manage access:
1. The Owner
The individual who creates a file or resource (e.g., a document, a folder, or a database table) is automatically designated as the Owner.
- Discretion: The term “Discretionary” means the owner has the discretion or choice to grant or deny access to any other user.
- Delegation: The owner can choose to delegate ownership or transfer their discretionary control to another user.
2. Access Control List (ACL)
Every resource is tied to an Access Control List (ACL) or a similar security descriptor. This list explicitly defines which subjects (users or groups) have which permissions (actions) on the object (resource).
- Subjects: Specific user IDs (e.g., JSMITH) or security groups (e.g., HR_TEAM).
- Objects: Files, folders, printers, registry keys, etc.
- Permissions (Actions): Read, Write, Execute, Modify, Delete, and Full Control.
Scenario: Sarah creates a folder named “Q4 Budgets.” Under DAC, Sarah (the Owner) can go into the folder’s security properties and explicitly grant the “Finance Team” group Read/Write access, while granting the “Executive Team” group Read-Only access. No one else has any access unless Sarah adds them.
The Strengths and Weaknesses of DAC
Understanding the trade-offs of DAC is essential for managing security in a commercial environment.
Strengths (Flexibility and Simplicity)
- Granularity: DAC allows for highly specific control over individual files and folders, enabling very precise sharing.
- Ease of Use: Users can manage their own resources without needing to involve a central security administrator for every permission change, speeding up collaboration.
- Commonality: It is the default, inherited model of nearly all operating systems, making it familiar to users and administrators alike.
Weaknesses (The Security Risk)
The core strength of DAC is also its greatest weakness: the reliance on user judgment.
- Unintended Sharing: A user might mistakenly grant “Full Control” to a “Guest” account or an overly broad group, leading to accidental data exposure.
- Propagation Risk: If a document is downloaded, the person who made the new copy becomes its owner and holds discretionary control over it, meaning security policies are not automatically carried with the data.
- Trojan Horse Problem: A malicious application or process running under a user’s ID inherits that user’s permissions. The system checks access against the user’s identity only, so the program can modify or delete files the user owns without any further permission check.
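The Sarah scenario and the weaknesses listed above can be traced in a small model. This is an added example, not code from the original page; the user names (omar, lena), the group membership table and every function name are assumptions, and giving the owner every right is a simplification.

```python
from dataclasses import dataclass, field

# Constructed directory: group name -> members (assumption, not from the page).
GROUPS = {"Finance Team": {"omar"}, "Executive Team": {"lena"}}

@dataclass
class Resource:
    name: str
    owner: str
    data: str = ""
    acl: dict = field(default_factory=dict)   # subject -> set of rights

    def grant(self, actor, subject, rights):
        # Discretion: only the owner may edit the ACL.
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own {self.name}")
        self.acl.setdefault(subject, set()).update(rights)

    def allowed(self, user, right):
        # The check sees only the user identity, never which program is asking.
        if user == self.owner:
            return True                        # simplification: owner holds every right
        subjects = {user} | {g for g, m in GROUPS.items() if user in m}
        return any(right in self.acl.get(s, ()) for s in subjects)  # default deny

def copy_resource(src, user):
    # Propagation risk: the copy gets a new owner and an empty ACL.
    if not src.allowed(user, "read"):
        raise PermissionError(f"{user} cannot read {src.name}")
    return Resource(f"copy of {src.name}", owner=user, data=src.data)

def run_program(as_user, program, resource):
    # Trojan horse problem: the program acts with as_user's full rights.
    return program(as_user, resource)

def untrusted_macro(user, resource):
    # Stand-in for any code the user runs; it copies the data and re-shares it.
    leaked = copy_resource(resource, user)
    leaked.grant(user, "Guest", {"read"})
    return leaked

def demo():
    budgets = Resource("Q4 Budgets", owner="sarah", data="figures")
    budgets.grant("sarah", "Finance Team", {"read", "write"})
    budgets.grant("sarah", "Executive Team", {"read"})
    leaked = run_program("lena", untrusted_macro, budgets)
    return budgets, leaked
```

Sarah's ACL on the original never changes, yet the copy made under lena's identity is readable by Guest, which is why DAC alone cannot keep a policy attached to the data.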
DAC in the Real World: NTFS Permissions
The most common real-world example of DAC is the NTFS permission system used in Windows environments. When you view the “Security” tab of any file or folder on a Windows machine, you are interacting directly with the ACL, which defines the DAC policy for that object.
Effective management of DAC often requires using Role-Based Access Control (RBAC)—where permissions are assigned to roles (groups) rather than individual users—to introduce order and control to the system. While not strictly DAC, using groups simplifies management and mitigates the risk of assigning permissions based solely on an individual’s discretion.
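One way to check a folder for the unintended sharing described earlier is to parse the ACL that icacls prints and flag broad principals holding write-capable rights. This is an added example, not from the original page; the path, the account names and the list of broad principals are constructed assumptions.

```python
import re

# Principals the audit treats as overly broad (a starting list; extend per site).
BROAD = {"everyone", "guest", "builtin\\guests", "builtin\\users",
         "nt authority\\authenticated users"}
WRITE_RIGHTS = {"F", "M", "W"}   # Full control, Modify, Write

# One ACE: principal, a colon, then one or more parenthesised groups.
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<groups>(?:\([^)]*\))+)$")

def parse_icacls(path, output):
    """Return (principal, rights, inherited) for each allow ACE listed for path."""
    aces = []
    for line in output.splitlines():
        if line.startswith(path):
            line = line[len(path):]          # first ACE shares a line with the path
        m = ACE_RE.match(line.strip())
        if not m:
            continue                         # blank line or status line
        tokens = re.findall(r"\(([^)]*)\)", m["groups"])
        if "DENY" in tokens:
            continue                         # deny entries cannot over-share
        rights = set(tokens[-1].split(","))  # last group holds the rights
        aces.append((m["who"], rights, "I" in tokens[:-1]))
    return aces

def broad_write_grants(path, output):
    """ACEs that give a broad principal Write, Modify or Full Control."""
    return [(who, sorted(rights & WRITE_RIGHTS), inherited)
            for who, rights, inherited in parse_icacls(path, output)
            if who.lower() in BROAD and rights & WRITE_RIGHTS]

# Constructed sample in the layout icacls prints; names are made up.
SAMPLE_PATH = r"C:\Shares\Q4 Budgets"
SAMPLE = r"""C:\Shares\Q4 Budgets CORP\sarah:(OI)(CI)(F)
                     CORP\Finance Team:(OI)(CI)(M)
                     CORP\Executive Team:(OI)(CI)(RX)
                     Everyone:(I)(OI)(CI)(F)
                     BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for finding in broad_write_grants(SAMPLE_PATH, SAMPLE):
        print(finding)
```

The third field reports whether the entry is inherited, which tells the reviewer to fix the parent folder rather than this object.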
Resources for Further Study
To master DAC for the SSCP, focus on its inherent security flaw (the Trojan Horse problem) and its difference from the rigid structure of MAC.
Extensive Website References
- Microsoft TechNet Library (NTFS Permissions)
- Reference: Search for “Microsoft NTFS Permissions ACL”
- Value: Provides detailed, real-world examples of how DAC is implemented on Windows systems through the management of security identifiers (SIDs) and Access Control Entries (ACEs).
- NIST SP 800-192: Security Policy and Model Implementation Guide
- Reference: Search for “NIST SP 800-192 Discretionary Access Control”
- Value: Offers a U.S. government perspective on DAC, detailing its functionality, constraints, and when it is appropriate to use versus more restrictive models like MAC.
- Computer Science Access Control Model Overviews
- Reference: Search for “DAC Model Discretionary Access Control Principles”
- Value: Explains the fundamental conceptual difference between the subject (user/process) and the object (resource) and how the owner mediates that relationship.
Recommended Video Resources
| Focus Area | Recommended Video Search Topic | Key Takeaway |
| --- | --- | --- |
| ACL and DAC | “How Access Control Lists ACL work in DAC” | A visual demonstration of how users are matched against an explicit list of allowed or denied actions on a file system. |
| DAC Security Flaws | “The DAC Trojan Horse Problem Explained” | Focuses on the major security vulnerability in DAC: how a malicious program running under an authorized user’s credentials can perform unauthorized actions. |
| DAC vs. MAC vs. RBAC | “Comparing Access Control Models DAC MAC RBAC” | A comparison that quickly defines DAC’s user-centric permission model versus the centralized, strict rules of MAC and the role-based grouping of RBAC. |