KEY CONCEPTS OF ACCESS CONTROL


Common methods of authentication include password authentication, two-factor authentication (2FA), biometric authentication, and single sign-on (SSO).

Authorization ensures that the actions an authenticated identity performs are permitted. Typically, each identity has permissions or privileges associated with it that define which resources it can access and which actions it can perform on those resources. The authorization process verifies the permissions or privileges of an identity before granting access.

Discretionary access control (DAC) is also flexible: it allows granular control over access permissions, making it suitable for situations where resource owners have specific, dynamic access requirements. Resource owners have complete authority to determine the access rights to their resources and can modify access permissions as needed without requiring approval from administrators.

Thanks to clearly defined ownership of resources, DAC helps establish accountability. The resource owners are responsible for access decisions, and if unauthorized access occurs, it can be traced back to the responsible resource owner.

While DAC offers benefits of autonomy, granularity, and flexibility, it also has limitations. The biggest concern with DAC is that it relies on the resource owner's discretion, which often leads to inconsistent or inadequate application of security policies. This makes it unsuitable for highly regulated or security-critical environments requiring stricter access control.
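POSIX file permissions are a familiar DAC implementation, so the limitation above can be checked directly. The following is an added example, not part of the original article: the file names, the sample modes and the "no access for other users" baseline are assumptions chosen for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root, forbidden=stat.S_IRWXO):
    """Return [(relative path, owner uid, offending bits as octal string)]
    for every regular file whose mode grants any of the forbidden bits.
    Default baseline (an assumption): no read/write/execute for 'other'."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            extra = stat.S_IMODE(st.st_mode) & forbidden
            if extra:
                # st_uid is the accountability link: it names the owner
                # whose discretion produced this access decision.
                findings.append((os.path.relpath(path, root), st.st_uid, oct(extra)))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: one owner, three different access decisions."""
    modes = {"payroll.csv": 0o600, "notes.txt": 0o644, "shared.db": 0o666}
    for name, mode in modes.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        # The owner changes access rights directly; no administrator approves it.
        os.chmod(path, mode)


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_tree(root)


if __name__ == "__main__":
    for path, uid, bits in demo():
        print(f"{path}: owner uid {uid} grants 'other' bits {bits}")
```

Nothing in the DAC model stopped the owner from making `shared.db` world-writable; only an out-of-band audit like this one surfaces the inconsistency after the fact.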
