Which access control model assigns permissions based on a user's role?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare effectively for the United Knowledge Validation Test with comprehensive flashcards and multiple-choice questions. Each question includes hints and explanations to enhance your learning experience. Gear up to ace your exam confidently!

Multiple Choice

Which access control model assigns permissions based on a user's role?

Explanation:
Permissions are linked to a user’s role rather than to individual identities. In this approach, roles represent specific job functions, and each role has a defined set of permissions. When a user is assigned to a role, they automatically gain all the permissions attached to that role. This makes managing access scalable and consistent, and it supports least-privilege by giving users only what their role requires. It also makes it easier to enforce separation of duties because roles can be designed to limit conflicting permissions. In contrast, discretionary access control lets the resource owner decide who can access the resource and what they can do, often by assigning permissions directly to users or groups. Rule-based access control makes decisions based on predefined rules or conditions (such as time or location) rather than on the user’s role. Mandatory access control relies on security labels and classifications to govern access, not roles.

Permissions are linked to a user’s role rather than to individual identities. In this approach, roles represent specific job functions, and each role has a defined set of permissions. When a user is assigned to a role, they automatically gain all the permissions attached to that role. This makes managing access scalable and consistent, and it supports least-privilege by giving users only what their role requires. It also makes it easier to enforce separation of duties because roles can be designed to limit conflicting permissions.

In contrast, discretionary access control lets the resource owner decide who can access the resource and what they can do, often by assigning permissions directly to users or groups. Rule-based access control makes decisions based on predefined rules or conditions (such as time or location) rather than on the user’s role. Mandatory access control relies on security labels and classifications to govern access, not roles.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy