What type of access control allows users to control access to their resources?

Discretionary Access Control (DAC) is a security model that allows individual users to manage and control access to their resources, such as files or directories. In this model, the owner of the resource has the authority to grant or restrict access permissions to other users. This flexibility enables users to make decisions regarding who can read, write, or execute a file, essentially allowing them to "discretionarily" control access based on their own preferences or requirements.

For example, if a user creates a document, they can decide who else in the organization can view or edit that document. This power can foster collaboration but may also introduce risks if users mistakenly grant access to unauthorized individuals or do not manage permissions correctly.

In contrast, the other access control models, such as Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC), impose more structured or centralized rules for access management, limiting individual user's authority to alter permissions. This makes DAC unique and particularly focused on user empowerment when it comes to resource sharing and access.