read Discretionary Access Control (DAC) first the list that determines which users or groups are allowed or denied access to the object the system checks the DACL when a process tries to access an object to check if it has the perms