What is the term for access control that allows user-defined settings?

The term for access control that allows user-defined settings is Discretionary Access Control (DAC). In DAC, the resource owner has the authority to make decisions regarding access permissions for their own resources. This means users can control who can access their information by granting or revoking permissions at their discretion.

This flexibility is a key characteristic of DAC, as it permits users to set policies and manage access to their own data, unlike other access control models. While Rule-Based Access Control and Role-Based Access Control are based on predefined rules and roles assigned to users, and Mandatory Access Control enforces a strict policy determined by a central authority, DAC empowers individual users to express their control over their resources. This approach can be both advantageous for user autonomy and challenging in terms of ensuring consistent security policies across an organization.