Discretionary access control
Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as “a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).”
Broader definition
Discretionary access control is generally defined in contrast to mandatory access control (MAC, sometimes also called non-discretionary access control). A system is sometimes said to have discretionary or purely discretionary access control as a way of saying that it lacks mandatory access control. On the other hand, a system can implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraints on the first.
Theory and practice
In practice, however, the meaning of the term is not as clear-cut as the definition given in the TCSEC standard. For example, the term is commonly used in contexts that assume that, under DAC, every object has an owner who controls the permissions to access the object, probably because many systems implement DAC using the concept of an owner. But the TCSEC definition says nothing about owners, so technically an access control system does not need a concept of owner to meet the TCSEC definition of DAC.
As another example, capabilities are sometimes described as discretionary controls because they allow subjects to transfer their access to other subjects, even though capability-based security is fundamentally not about access based on the identity of subjects. Capabilities generally allow permissions to be passed to another subject, but to pass these permissions a subject must first have access to the receiving subject, and subjects generally do not have access to all the subjects in the system.
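The TCSEC definition quoted above, and the case of a system applying MAC and DAC at once, can be modelled in a few lines. This is an added example, not code from the TCSEC or from any real system; the class, the subject and object names and the two-level label ordering are assumptions. Rights are passed on by any holder (there is no owner), and the mandatory rule constrains what can be passed.

```python
# Added illustration: a toy access matrix, not a real system's API.
LEVELS = {"public": 0, "secret": 1}  # assumed two-level MAC ordering

class System:
    def __init__(self, clearance, classification):
        self.clearance = clearance            # subject -> level (fixed by policy)
        self.classification = classification  # object -> level (fixed by policy)
        self.matrix = {}                      # (subject, object) -> set of rights

    def mac_allows(self, subject, obj):
        # Mandatory rule (assumed): clearance must dominate the object's label.
        return LEVELS[self.clearance[subject]] >= LEVELS[self.classification[obj]]

    def grant(self, giver, receiver, obj, right):
        # Discretionary rule: any holder of a right may pass it on; no owner.
        if right not in self.matrix.get((giver, obj), set()):
            return False
        # MAC constrains DAC: subjects cannot transfer past the mandatory rule.
        if not self.mac_allows(receiver, obj):
            return False
        self.matrix.setdefault((receiver, obj), set()).add(right)
        return True

    def check(self, subject, obj, right):
        # Access needs the discretionary right and the mandatory approval.
        held = self.matrix.get((subject, obj), set())
        return right in held and self.mac_allows(subject, obj)

def demo():
    s = System(
        clearance={"alice": "secret", "bob": "secret",
                   "dave": "secret", "carol": "public"},
        classification={"report": "secret"},
    )
    s.matrix[("alice", "report")] = {"read"}  # initial state, constructed
    return {
        "alice_to_bob": s.grant("alice", "bob", "report", "read"),
        "bob_to_dave": s.grant("bob", "dave", "report", "read"),    # indirect
        "bob_to_carol": s.grant("bob", "carol", "report", "read"),  # MAC blocks
        "carol_to_bob": s.grant("carol", "bob", "report", "write"), # holds nothing
        "dave_reads": s.check("dave", "report", "read"),
        "carol_reads": s.check("carol", "report", "read"),
    }

if __name__ == "__main__":
    print(demo())
```

The right reaches dave indirectly through bob, while the transfer to carol is refused by the mandatory rule even though bob holds the right.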