A network administrator is configuring a new file server. The goal is to simplify permissions by creating groups such as 'Marketing', 'Developers', and 'Executives'. Each user will be assigned to one or more of these groups, and their access to files and folders will be determined solely by their group memberships. Which access control model is the administrator implementing?
Role-Based Access Control (RBAC) is being implemented. This model grants or denies access based on the roles or groups assigned to users. In this scenario, the 'Marketing', 'Developers', and 'Executives' groups are the roles that determine access rights.
Discretionary Access Control (DAC) is incorrect because it allows the owner of the resource to grant access at their discretion, rather than relying on predefined group-based permissions.
Mandatory Access Control (MAC) is incorrect because it is a stricter model that uses security labels (like 'Confidential' or 'Secret') assigned to both users and resources, which are enforced by the system. It is not based on user-defined groups or roles.
Attribute-Based Access Control (ABAC) is incorrect because it uses a more dynamic set of rules based on attributes of the user, resource, and environment (like time of day or location), not just a user's role or group membership.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Role-Based Access Control (RBAC)?
Open an interactive chat with Bash
How does RBAC differ from Discretionary Access Control (DAC)?
Open an interactive chat with Bash
Can RBAC be combined with other access control models like ABAC?