CAP · Question #399
Which of the following statements about role-based access control (RBAC) model is true?
The correct answer is B. In this model, a user can access resources according to his role in the organization.. Role-Based Access Control (RBAC) grants users permissions based on their assigned organizational role rather than on individual account-level settings.
Question
Which of the following statements about role-based access control (RBAC) model is true?
Options
- AIn this model, the permissions are uniquely assigned to each user account.
- BIn this model, a user can access resources according to his role in the organization.
- CIn this model, the same permission is assigned to each user account.
- DIn this model, the users canaccess resources according to their seniority.
How the community answered
(26 responses)- A4% (1)
- B92% (24)
- D4% (1)
Why each option
Role-Based Access Control (RBAC) grants users permissions based on their assigned organizational role rather than on individual account-level settings.
Uniquely assigning permissions to each individual user account describes Discretionary Access Control (DAC), not RBAC, because RBAC attaches permissions to roles rather than to individual accounts.
In RBAC, permissions are assigned to roles that reflect job functions, and users gain access rights by being assigned to the appropriate role. This approach enforces least privilege based on organizational responsibilities, simplifies access administration, and ensures consistent policy enforcement across users with the same function.
Assigning the same permission to every user account describes an undifferentiated access model with no meaningful access control, which is neither RBAC nor a recognized secure access model.
Granting access based on seniority or rank is not a standard access control model; RBAC is based on job function and role assignment, not on hierarchical organizational tenure.
Concept tested: Role-Based Access Control (RBAC) model definition
Source: https://csrc.nist.gov/projects/role-based-access-control
Topics
Community Discussion
No community discussion yet for this question.