Difference Between DAC and MAC (original) (raw)

Last Updated : 17 Dec, 2025

In IT security, controlling who can access specific data or resources is essential. Two of the most widely used access control models are Discretionary Access Control (DAC) and Mandatory Access Control (MAC).

• Access control decides who can access what and how.
• DAC gives control to the data owner, while MAC uses strict system-enforced rules.
• DAC is flexible but less secure; MAC is rigid but highly secure.
• Choosing the right model depends on security needs and environmental sensitivity.

What is DAC?

Discretionary Access Control (DAC) allows the owner of a resource to decide who can access it.

• Identity-based access (username/password).
• Resource owners control permissions.
• Access can be easily shared or transferred.
• More flexible but less secure.

**Example:
Like on Instagram if you post a story and tag someone, they can repost it to their followers. You (the owner) decide who gets access. That is DAC.

DAC

What is MAC?

Mandatory Access Control (MAC) enforces access based on strict security policies set by the system or administrator.

• Controlled by the system, not the user.
• Based on user clearance and security levels.
• Rules cannot be modified by regular users.
• Highly secure, used in sensitive environments.

**Example:
Posting a story to “Close Friends.” Only the selected group can view it, and no one can repost it. Instagram controls that rule not you. That is MAC.

MAC

Differences Between DAC and MAC

DAC offers ease and flexibility for general use, while MAC ensures strict, high-security environments like military and government systems.