Which term describes access restrictions that are determined by the identity of a user or group?

The term that describes access restrictions determined by the identity of a user or group is Discretionary Access Control (DAC). In this model, the owner of a resource, such as a file or directory, has the flexibility to determine who has access to that resource. The owner can grant or restrict access permissions to individuals or groups at their discretion, hence the name "discretionary."

This approach empowers individual users or resource owners to manage permissions, making it suitable for environments where user collaboration is necessary, and owners wish to maintain control over their resources. Users can also transfer permissions to others, further emphasizing the discretion of the owner.

In contrast, other access control methods, such as Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), operate on different principles. MAC establishes a system-wide policy that restricts access based on classifications or clearances assigned by a central authority, while RBAC assigns access rights based on the roles assigned to users in an organization, which centralizes access management but does not allow the same level of owner discretion. Attribute-Based Access Control (ABAC) uses user attributes and environment conditions for access decisions, but it does not focus specifically on the identity-based discretion that DAC emphasizes.