Which access control method allows users to grant their permissions to other users?

Discretionary access control (DAC) is the correct choice because it allows the owner of the data or resource to control who has access to it and to what extent. In a DAC environment, users can grant their permissions to other users, thereby transferring control over access to their resources. This is typically done through user-specific permissions or access lists.

In DAC, the owner has the flexibility to assign rights and privileges at their discretion. For example, if a user owns a document, that user can decide to share it with colleagues by granting them access rights. This level of control makes DAC intuitive and user-friendly, particularly in environments where collaboration is vital.

In contrast, other access control methods like Mandatory Access Control (MAC) enforce strict policies defined by a central authority and do not allow users to exercise discretion over their permissions. Role-Based Access Control (RBAC) ties permissions to roles rather than individual user discretion, thus limiting the ability to grant access freely. Attribute-Based Access Control (ABAC) uses policies to determine access based on attributes of users and resources but does not focus on user discretion in granting permissions.