A cloud administrator is onboarding several new employees into the marketing department. To ensure operational efficiency and security, the administrator needs to grant the new hires the same access to cloud storage and applications as their team members. The process must be scalable and minimize administrative overhead. Which of the following is the BEST approach to accomplish this?
Individually assign permissions to each new employee's account for every required resource.
Clone the user account of an existing marketing employee for each new hire.
Require the new employees to request access to each resource individually, subject to manager approval.
Create a 'Marketing' security group, assign the necessary permissions to the group, and then add the new employees as members.
Creating a security group for the marketing department, assigning all necessary permissions to that group, and then adding new employees to the group is the most efficient and scalable method. This approach, known as group-based access control (GBAC), ensures consistency and simplifies administration. Cloning an existing user's account is risky because it can lead to privilege creep, where unnecessary permissions accumulated by the original user are passed on. Assigning permissions individually is time-consuming, error-prone, and does not scale well. Requiring individual requests for each resource places the administrative burden on the end-user and approvers and does not represent an efficient provisioning strategy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a common assignment structure in IT?
Open an interactive chat with Bash
Why is copying permissions from an existing user not recommended?
Open an interactive chat with Bash
How does role-based access control (RBAC) support consistent permissions?