Final answer:
The statement is false. DAC is based on the user's identity and the discretion of the owners of information, while RBAC is the model based on user roles within a system.
Step-by-step explanation:
The statement is false. Discretionary Access Control (DAC) is a type of security model that is based on the user's identity rather than the roles they assume within a system. In DAC systems, the owners of the information or resources set policies defining who has access to each resource, often using Access Control Lists (ACLs). The access to resources is typically based on the discretion of the resource owner, hence the name 'discretionary'.
On the other hand, Role-Based Access Control (RBAC) is the access control model based on the roles that users assume within a system. RBAC assigns permissions to specific roles within an organization, and users are then granted access based on their assigned roles. This is different from DAC where access is given on a user-by-user basis.