The Discretionary Access Control (DAC) model provides the most granular level of access control. It is an identity-based (or subject-based) model and allows data owners to assign permissions to subjects at the most basic level.

For example, you can assign read permission to a single user. A distinguishing feature of the DAC model is that users have full control over any objects they create.

DAC permission assignment is done case by case basis by the Data Owner.