Discretionary access control (DAC)

— Administrators are able to dele-

gate their privileges to other users in relation to specific resources that

they own, employing discretionary access control. This is a closed DAC

model, in which access is denied unless explicitly granted. Administra-

tors are also able to lock or expire individual user accounts. This is an

open DAC model, in which access is permitted unless explicitly with-

drawn. Various application users have privileges to create user

accounts, again applying discretionary access control.

■■