A company's IT department is implementing a new web application that will store sensitive customer information. As part of the design, they need to ensure appropriate user access to data within the application. Which of the following methods is MOST effective in restricting access to the data based on a user's role within the company?
Options:
- RBAC (correct answer)
- Using MAC to assign classification labels to data
- Requiring username and password authentication for application logins
- Allowing DAC where users control access to their data
Role-based access control (RBAC) is effective for restricting access to data within an application based on a user's role within an organization. RBAC policies ensure that only authorized users are granted the permissions necessary to access, modify, or interact with sensitive data, thus maintaining the principle of least privilege. It simplifies management and helps in effectively enforcing enterprise security policies.
While mandatory access control (MAC) and discretionary access control (DAC) are valid access control models, MAC is more commonly used in environments requiring high security and enforces access based on classification levels, which may be overly complex for a web application in a business setting. DAC, on the other hand, leaves access decisions to the discretion of the data owner, which could lead to inconsistent policy enforcement.
Username and password authentication, although necessary for verifying identity, does not by itself restrict actions based on user roles, so it would not be effective on its own in this scenario for controlling permissions.