An organization has hundreds of cloud users whose permissions are tied to their job functions. The security team wants a solution that allows administrators to change a user's access quickly when the user transfers departments, without editing each individual account or risking privilege creep. Which identity-and-access management approach best satisfies this requirement?
Assign privileges to a single group and adjust membership as responsibilities shift
Maintain privileges on individual user accounts, modifying them whenever an employee moves to a new task
Store user credentials inside separate tokens and schedule regular updates to each token
Grant baseline permissions to each person and apply elevated privileges when needed
Assigning privileges to a group that represents a specific job function keeps permissions consistent for everyone performing that role. When responsibilities change, administrators simply add or remove the user from the group, eliminating the need to modify multiple individual accounts. Storing privileges directly on each user, granting broad baseline access, or managing separate tokens still requires more frequent and error-prone updates.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is assigning privileges to a group more efficient than managing individual user accounts?
Open an interactive chat with Bash
What is the risk of granting elevated privileges on an as-needed basis?
Open an interactive chat with Bash
What are the benefits of using role-based access control (RBAC) in this scenario?