Which access control model allows the owner of an object to delegate permissions to other users?

The answer is based on the characteristics of discretionary access controls (DAC). In a DAC model, the owner of an object, which could be a file, folder, or any resource, has the flexibility to determine who has access to that object and what permissions they have. This means that the owner can grant or restrict access to other users at their discretion, making it very user-centric.

In contrast, the other access control models do not operate in the same way regarding ownership and delegation of permissions. Mandatory access controls (MAC) are more rigid, focusing on system-enforced policies that do not allow users to make modifications based on personal preferences. Role-based access controls (RBAC) link permissions to roles rather than specific users, thereby restricting the owner’s ability to pass along their permissions to others freely. Attribute-based access controls (ABAC) use policies that evaluate attributes of the user, environment, and resource to grant access, also limiting individual user discretion regarding permission delegation.

Hence, the discretionary access control model is the only one that allows for explicit permission delegation by the owner, thereby providing the owner the authority to manage access as they see fit.