What type of access control model allows users to control access based on their discretion?

Prepare for the (ISC)2 Certified in Cybersecurity Exam with comprehensive quizzes and extensive question banks. Enhance your skills with detailed explanations and practice tests designed to improve your expertise for the certification exam. Get exam-ready now!

Discretionary Access Control (DAC) is the correct choice because it is an access control model that allows users to make decisions regarding who can access their resources. In a DAC system, resource owners have the authority to grant or restrict access to their resources at their own discretion. This model emphasizes the rights and permissions of individual users, allowing them to determine how their data is shared and with whom.

In practical terms, DAC often involves the use of Access Control Lists (ACLs), where the owners of files and objects specify which users or groups have permission to access a resource and what types of access are granted (e.g., read, write, execute). This flexibility makes DAC suitable for environments where collaboration and sharing of information are essential.

By comparison, the other access control models do not afford users the same level of discretion. Mandatory Access Control (MAC) enforces access controls based on predefined policies, regardless of the user's personal preferences. Role-Based Access Control (RBAC) assigns access rights based on the roles users hold within an organization, so decisions depend on groups and organizational structure rather than on individual discretion. Administrative Access Control generally refers to the controls established by administrators, which do not permit user discretion in accessing resources.

Thus, DAC is
