| 翻訳と辞書 |
| discretionary access control : ウィキペディア英語版 |
discretionary access control
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria〔
〕 "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".
Discretionary access control is commonly discussed in contrast to mandatory access control (MAC, sometimes termed ''non-discretionary access control''). Occasionally a system as a whole is said to have "discretionary" or "purely discretionary" access control as a way of saying that the system lacks mandatory access control. On the other hand, systems can be said to implement both MAC and DAC simultaneously, where DAC refers to one category of access controls that subjects can transfer among each other, and MAC refers to a second category of access controls that imposes constraints upon the first.
== Implementations ==
The meaning of the term in practice is not as clear-cut as the definition given in the TCSEC standard, because TCSEC definition of DAC does not impose implementation concept. There are at least two implementations: with owner (as widespread example) and with capabilities .〔http://fedoraproject.org/wiki/Features/RemoveSETUID – Fedora 15 set to remove SETUID in favor of (Linux kernel) capabilities〕
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「discretionary access control」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|