A systems administrator is configuring permissions for two server support teams: "Production Support" and "Development Support". Members of both teams are assigned the same job roles and have identical baseline permissions. However, a security policy requires that members of the Development Support team be prevented from accessing or modifying Production servers. Which access control concept BEST fulfills this requirement?
The correct answer is Scope-based access control (SBAC). SBAC is an extension of Role-Based Access Control (RBAC) that restricts a user's role-based permissions to a specific subset of resources, known as a scope. In this scenario, the 'scope' would be the group of Production servers. While the Development team has administrative roles, their scope of authority would not include the Production environment.
Role-based access control (RBAC) is incorrect because, by itself, it is insufficient. Both teams share the same roles, so RBAC alone would not differentiate their access based on the server environment. Rule-based access control is less appropriate as it typically enforces access based on environmental conditions like time of day or location, rather than a defined set of resources. Segregation of duties is a principle that involves splitting a critical task between multiple people to prevent fraud or error, which is different from restricting one group's access to a set of resources.