Which access control model assigns permissions based on a user's role?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the United Knowledge Validation Test with flashcards and multiple choice questions, each question has hints and explanations. Enhance your understanding and boost your confidence!

Multiple Choice

Which access control model assigns permissions based on a user's role?

Explanation:
Permissions are linked to a user’s role rather than to individual identities. In this approach, roles represent specific job functions, and each role has a defined set of permissions. When a user is assigned to a role, they automatically gain all the permissions attached to that role. This makes managing access scalable and consistent, and it supports least-privilege by giving users only what their role requires. It also makes it easier to enforce separation of duties because roles can be designed to limit conflicting permissions. In contrast, discretionary access control lets the resource owner decide who can access the resource and what they can do, often by assigning permissions directly to users or groups. Rule-based access control makes decisions based on predefined rules or conditions (such as time or location) rather than on the user’s role. Mandatory access control relies on security labels and classifications to govern access, not roles.

Permissions are linked to a user’s role rather than to individual identities. In this approach, roles represent specific job functions, and each role has a defined set of permissions. When a user is assigned to a role, they automatically gain all the permissions attached to that role. This makes managing access scalable and consistent, and it supports least-privilege by giving users only what their role requires. It also makes it easier to enforce separation of duties because roles can be designed to limit conflicting permissions.

In contrast, discretionary access control lets the resource owner decide who can access the resource and what they can do, often by assigning permissions directly to users or groups. Rule-based access control makes decisions based on predefined rules or conditions (such as time or location) rather than on the user’s role. Mandatory access control relies on security labels and classifications to govern access, not roles.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy