CISSP · Question #725
An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type
The correct answer is A. Role-based access control (RBAC). Role-based access control (RBAC) is the best mechanism for simplifying permission assignment for users with similar job responsibilities by grouping permissions into roles rather than assigning them individually.
Question
An organization would like to implement an authorization mechanism that would simplify the assignment of various system access permissions for many users with similar job responsibilities. Which type of authorization mechanism would be the BEST choice for the organization to implement?
Options
- ARole-based access control (RBAC)
- BDiscretionary access control (DAC)
- CContent-dependent Access Control
- DRule-based Access Control
How the community answered
(38 responses)- A92% (35)
- B5% (2)
- D3% (1)
Why each option
Role-based access control (RBAC) is the best mechanism for simplifying permission assignment for users with similar job responsibilities by grouping permissions into roles rather than assigning them individually.
RBAC assigns permissions to roles (e.g., 'Manager', 'Analyst') rather than to individual users, so administrators simply assign users to appropriate roles based on their job function. This significantly reduces administrative overhead when many users share similar responsibilities, as changing a role's permissions automatically updates access for all members of that role.
Discretionary Access Control (DAC) allows resource owners to individually grant or restrict access to their own resources, which does not simplify bulk permission assignment for groups of users with similar roles.
Content-dependent Access Control makes authorization decisions based on the actual content or data being accessed (e.g., a database field value), not on user job responsibilities, making it unsuitable for simplifying user permission assignments.
Rule-based Access Control applies access decisions based on predefined system-wide rules or conditions (e.g., time of day, IP address), rather than grouping users by job function, so it does not simplify managing permissions for users with similar responsibilities.
Concept tested: Role-based access control for grouped user permissions
Source: https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
Topics
Community Discussion
No community discussion yet for this question.