Which access control method grants permissions based on the identity of the user?

Discretionary Access Control (DAC) is an access control model that grants permissions based on the identity of the user. In DAC, the resource owner has the authority to make decisions on who can access specific resources, allowing them to grant or revoke access permissions at their discretion. This model emphasizes the user’s identity and provides flexibility in resource permissions, as access can be tailored to individual users or groups.

In DAC, each object (such as files or directories) has an associated owner who can control access to that object. For example, a user who creates a file can decide who can read, write, or execute that file, based on their judgment and relationships with the other users.

Other access control methods focus on different aspects. Role-Based Access Control assigns permissions based on the role a user has within an organization, rather than their unique identity. Mandatory Access Control enforces strict policies determined by a central authority and does not allow individual users to change access controls. Attribute-Based Access Control bases permissions on attributes (such as user roles, environmental conditions, or security levels) rather than solely on user identity. Thus, DAC stands out for its direct link between user identity and access permissions.