Which access control scheme allows an object's access policy to be determined by its owner?

Discretionary access control (DAC) is an access control scheme where the owner of an object (such as a file or resource) has the authority to determine who can access it and what permissions those users have. This means that individual users can make decisions about who can read, write, or execute their objects.

In a DAC system, the owner can grant or revoke access rights based on their preferences, which provides flexibility and facilitates the management of access permissions on a more personal basis. This model is commonly used in file systems and certain applications, allowing users to decide how their data is shared or restricted.

Other access control schemes operate under different principles. For example, role-based access control (RBAC) assigns permissions based on the roles assigned to users within an organization rather than ownership. Mandatory access control (MAC) enforces restrictions based on regulations or policies determined by a central authority, rather than user discretion. Attribute-based access control (ABAC) utilizes attributes (such as user characteristics or resource types) to determine access rights, rather than relying on the owner's judgment.