Ann is the data owner of financial records for a company. She has requested that she have the ability to assign
read and write privileges to her folders. The network administrator is tasked with setting up the initial access
control system and handing Ann’s administrative capabilities. Which of the following systems should be
In a Discretionary Access Control (DAC) model, network users have some flexibility regarding how information
is accessed. This model allows users to share information dynamically with other users.
Discretionary access control (DAC) allows access to be granted or restricted by an object’s owner based on
user identity and on the discretion of the object owner.
In this question, Ann has requested that she have the ability to assign read and write privileges to her folders.
Read and write access to Ann’s files will be granted by Ann at her discretion. Therefore, this is an example of
Discretionary Access Control.