Users (or subjects), services (or programs) and resources (data or system objects) are the main actors or targets of access control on top of the trust provided by the operating system. The relationships between actors and targets define the type of access control that is used, usually expressed as discretionary access control (DAC) or mandatory access control (MAC). DAC usually implies a concept of identity from which access rights are derived. This identity can also be a role.
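The following is an added example, not code from the original page: a small model in which DAC rights derive from an identity (a user name or a role) and a MAC check is applied on top. The class names, the label ordering in `LEVELS`, and the "clearance must dominate the label" rule are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

# Constructed label ordering; under MAC only the system administrator sets it.
LEVELS = {"public": 0, "internal": 1, "secret": 2}

@dataclass
class Subject:
    user: str
    roles: frozenset = frozenset()
    clearance: str = "public"   # assigned by the system, not by the user

@dataclass
class Resource:
    name: str
    owner: str
    label: str                  # assigned by the system, not by the owner
    acl: dict = field(default_factory=dict)  # "user:x" / "role:y" -> rights

def dac_grant(res, granter, identity, rights):
    """DAC: the owner alone decides who is added to the ACL."""
    if granter.user != res.owner:
        raise PermissionError(f"{granter.user} does not own {res.name}")
    res.acl.setdefault(identity, set()).update(rights)

def dac_allows(res, subj, right):
    """Rights derive from identity: the user name or any role held."""
    if subj.user == res.owner:
        return True
    ids = {f"user:{subj.user}"} | {f"role:{r}" for r in subj.roles}
    return any(right in res.acl.get(i, ()) for i in ids)

def mac_allows(res, subj, right):
    """MAC: clearance must dominate the label, whatever the ACL says."""
    return LEVELS[subj.clearance] >= LEVELS[res.label]

def access(res, subj, right):
    # The mandatory policy is checked first; DAC can only narrow it further.
    return mac_allows(res, subj, right) and dac_allows(res, subj, right)

if __name__ == "__main__":
    alice = Subject("alice", clearance="internal")
    bob = Subject("bob", frozenset({"auditors"}), "internal")
    carol = Subject("carol", frozenset({"auditors"}), "public")
    report = Resource("report.txt", owner="alice", label="internal")
    dac_grant(report, alice, "role:auditors", {"read"})
    for s in (alice, bob, carol):
        print(s.user, "read:", access(report, s, "read"))
```

Carol holds the same role as Bob, so the owner's grant covers her, yet she is refused because the system-assigned label outranks her clearance.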