A means of restricting access to an object (e.g., files, data entities) based on the identity and need-to-know of a subject (e.g., user, process) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) to any other subject (unless restrained by a mandatory access control).