What is a primary characteristic of discretionary access controls (DAC)?

A primary characteristic of discretionary access controls (DAC) is that the object's Access Control List (ACL) tracks permissions granted by the owner. In a DAC system, the owners of resources (such as files or directories) have the authority to determine who can access their resources and what type of access is allowed. This owner-centric model allows for flexibility in permissions, meaning that the owner can grant, modify, or revoke access rights as needed.

This characteristic is important because it enables a more dynamic and customizable security model compared to other access control models. In DAC, the owner has the discretion to set access controls, which may change as the owner sees fit, reflecting the specific needs or circumstances of their resource usage.

While it is essential to also understand the other aspects of access controls, the fact that the permissions are tracked via the object's ACL and can be modified by the owner is what distinctly identifies DAC. It highlights the responsibility and control that end users have over their data, making it flexible but also potentially susceptible to misconfigurations or unintentional sharing if not managed carefully.