What type of controls allow users to grant or assign rights to objects autonomously?

Discretionary controls are designed specifically to allow users to grant or assign rights to objects based on their discretion. This means that users have the authority to make decisions about permissions for specific resources, such as files or applications they own. For example, a user might choose to share a document with other users, giving them permission to view or edit the document as they see fit.

This autonomy is a key characteristic of discretionary controls, as it places the responsibility and control of permissions in the hands of individual users rather than a central authority or policy. In contrast, other types of controls, like mandatory controls, dictate access levels and rights from a centralized system without allowing individual discretion. Access controls typically refer to the overall strategies and mechanisms used to manage user permissions rather than the autonomy granted to users. Policy-based controls operate under set policies that define permissions and rights but do not typically allow users to make individual choices about granting access.