Difference Between Similar Terms and Objects

Difference Between MAC and DAC


In a multiple user environment, it is important that restrictions are placed in order to ensure that people can only access what they need. In this regard, Mandatory Access Control (MAC) and Discretionary Access Control (DAC) are two of the popular access control models in use. The main difference between them is in how they provide access to users. With MAC, admins creates a set of levels and each user is linked with a specific access level. He can access all the resources that are not greater than his access level. In contrast, each resource in DAC has a list of users who can access it. DAC provides access by identity of the user and not by permission level.

MAC is an easier way in establishing and maintaining access, especially when dealing with a great number of users, because you just need to establish a single level for each resource and one level for each user. With DAC, you need to know each person who needs the resource so that they can be given access. The advantage of DAC is flexibility. If you have a level 2 user who needs access to a single level 1 resource, you cannot provide access to that user without giving him access to all other resources in the same category. Lowering the level of the resource to the user would also result in all other users of his level to gain access to that resource. With DAC, you just need to add that user to the list of who can access the resource.

It is easier for admins to keep track of who has access to what because it is only them who can change the permission levels with MAC. DAC provides users who have access to the resource to also provide access to other users by including them in the list. This can be problematic if people just kept adding other people to things that they can access.

A good example of a MAC is the access levels of Windows for admins, ordinary users, and guests. For DAC, the permissions for Linux file operating systems is a good example.


1.MAC provides access based on levels while DAC provides access based on identity
2.DAC is more labor intensive than MAC
3.DAC is more flexible than MAC
4.MAC access can only be changed by admins while DAC access can be provided by other users

Sharing is caring!

Search DifferenceBetween.net :

Email This Post Email This Post : If you like this article or our site. Please spread the word. Share it with your friends/family.

Leave a Response

Please note: comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Articles on DifferenceBetween.net are general information, and are not intended to substitute for professional advice. The information is "AS IS", "WITH ALL FAULTS". User assumes all risk of use, damage, or injury. You agree that we have no liability for any damages.

Protected by Copyscape Plagiarism Finder