An organization has implemented a hierarchical model of privilege management in which administrators have full access, HR managers have fewer permissions than the administrators, and data entry operators have no access to resources. Which of the following access control models is implemented in the organization?
A. Role-based access control (RBAC)
B. Network-based access control (NBAC)
C. Mandatory Access Control (MAC)
D. Discretionary access control (DAC)
Explanation:
According to the scenario, the Role-based access control (RBAC) model is implemented in the organization. More precisely, it is hierarchical RBAC: the administrator role sits above the HR manager role, which sits above the data entry operator role, and each senior role inherits the permissions of the roles below it, so administrators end up with everything, HR managers with a subset, and data entry operators with nothing.
Role-based access control (RBAC) is an access control model in which permissions are attached to roles rather than to individual users; a user can access resources only according to the role (or roles) assigned to him or her in the organization. For example, a backup administrator is responsible for taking backups of important data and is therefore authorized to access that data only for the purpose of backing it up. Users with different roles sometimes need to access the same resources; the RBAC model handles this as well, either by granting the same permission to more than one role or by assigning more than one role to a user.
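The hierarchy described above can be made concrete in code. The following is an added example, not part of the original question or its explanation: a minimal hierarchical RBAC engine in which permissions are (action, resource) pairs attached to roles, senior roles inherit from the junior roles listed under them, and users are checked only through the roles they hold. The role names, user names and resource names are constructed for illustration.

```python
"""Hierarchical RBAC: permissions attach to roles, senior roles inherit
the permissions of their juniors, users get access only via their roles.
Added illustration; users, roles and resources below are made up."""
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    permissions: set = field(default_factory=set)  # {(action, resource), ...}
    juniors: list = field(default_factory=list)    # roles this one inherits from


class RBAC:
    def __init__(self):
        self.roles = {}        # role name -> Role
        self.assignments = {}  # user -> set of role names

    def add_role(self, name, permissions=(), juniors=()):
        self.roles[name] = Role(name, set(permissions), list(juniors))

    def assign(self, user, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.assignments.setdefault(user, set()).add(role)

    def effective_permissions(self, role_name):
        """Own permissions plus everything inherited down the hierarchy.
        The 'seen' set guards against a misconfigured cyclic hierarchy."""
        seen, stack, perms = set(), [role_name], set()
        while stack:
            current = stack.pop()
            if current in seen:
                continue
            seen.add(current)
            role = self.roles[current]
            perms |= role.permissions
            stack.extend(role.juniors)
        return perms

    def user_permissions(self, user):
        perms = set()
        # A user with no assignment gets an empty set: default deny.
        for role in self.assignments.get(user, ()):
            perms |= self.effective_permissions(role)
        return perms

    def check(self, user, action, resource):
        return (action, resource) in self.user_permissions(user)


def build_scenario():
    """Constructed model of the question's organization (assumption)."""
    rbac = RBAC()
    # Data entry operators: a role exists, but it carries no resource access.
    rbac.add_role("data_entry_operator")
    # HR managers inherit from data entry operators and add HR permissions.
    rbac.add_role(
        "hr_manager",
        {("read", "employee_records"), ("write", "employee_records")},
        juniors=["data_entry_operator"],
    )
    # Administrators inherit everything below and add system permissions.
    rbac.add_role(
        "administrator",
        {("read", "system_config"), ("write", "system_config"),
         ("read", "audit_logs")},
        juniors=["hr_manager"],
    )
    rbac.assign("alice", "administrator")
    rbac.assign("bob", "hr_manager")
    rbac.assign("carol", "data_entry_operator")
    return rbac


if __name__ == "__main__":
    r = build_scenario()
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, sorted(r.user_permissions(user)))
```

Note that permission checks never consult the user directly, only the roles assigned to them, which is what distinguishes RBAC from DAC's per-subject ACL entries; a user with no role assignment (here "mallory") is denied everything.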
Answer option D is incorrect. Discretionary access control (DAC) is an access policy determined by the owner of an object. The owner decides who is allowed to access the object and what privileges they have.
Two important concepts in DAC are as follows:
File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.
Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.
Access controls may be discretionary in ACL-based or capability-based access control systems.
Note: In capability-based systems, there is no explicit concept of owner, but the creator of an object has a similar degree of control over its access policy.
Answer option C is incorrect. Mandatory Access Control (MAC) is a model in which access decisions are enforced by the system according to a predefined policy, not by the owners of objects. Each object carries a sensitivity label and each subject a clearance; access to an object is granted only when the subject's clearance is appropriate for the object's label, and neither users nor object owners can change labels or grant access on their own. For example, if a user receives a copy of an object that is marked "secret", the copy keeps that label, and the user cannot grant permission to other users to see it unless they already hold the appropriate clearance.
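The difference between options D and C comes down to who may change an object's access policy. The following added example (not from the original page) models both: a DAC object whose owner alone can extend rights, and a MAC policy in which labels and clearances are fixed by the administrator, copies inherit their source's label, and no grant operation exists. The subjects, objects, and the simplified "no read up" clearance check are assumptions made for illustration.

```python
"""Discretionary vs. mandatory access control as minimal models.
Added illustration; subjects 'alice', 'bob', 'carol' and objects 'report'
and 'memo' are constructed, not taken from the question."""


# ---------------- DAC: the owner controls the access list ----------------

class DacObject:
    """An object whose creator becomes owner and decides who gets which rights."""

    def __init__(self, name, owner):
        self.name = name
        self.owner = owner
        self.acl = {owner: {"read", "write"}}  # only the owner starts with rights

    def grant(self, grantor, grantee, right):
        # Discretion lies with the owner alone; holding 'read' does not
        # entitle a subject to pass the object on.
        if grantor != self.owner:
            raise PermissionError(f"{grantor} does not own {self.name}")
        self.acl.setdefault(grantee, set()).add(right)

    def allowed(self, subject, right):
        return right in self.acl.get(subject, set())


def dac_scenario():
    report = DacObject("report", owner="alice")
    report.grant("alice", "bob", "read")       # owner extends read to bob
    try:
        report.grant("bob", "carol", "read")   # bob can read, but is not owner
        delegated = True
    except PermissionError:
        delegated = False
    return report, delegated


# ------------- MAC: labels and clearances are system-controlled -----------

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


class MacPolicy:
    """Clearances and labels are set by the security administrator. Subjects
    cannot alter them, and there is deliberately no grant() method."""

    def __init__(self, clearances, labels):
        self.clearances = dict(clearances)  # subject -> clearance level
        self.labels = dict(labels)          # object  -> sensitivity label

    def can_read(self, subject, obj):
        # Simplified "no read up" rule (assumption): clearance must dominate
        # the label. An unknown subject is treated as unclassified.
        clearance = LEVELS[self.clearances.get(subject, "unclassified")]
        return clearance >= LEVELS[self.labels[obj]]

    def copy(self, subject, src, dst):
        # A copy inherits its source's label, so receiving a copy of a
        # 'secret' object never lets the holder share it downward.
        if not self.can_read(subject, src):
            raise PermissionError(f"{subject} is not cleared for {src}")
        self.labels[dst] = self.labels[src]


def mac_scenario():
    policy = MacPolicy(
        clearances={"alice": "secret", "bob": "confidential"},
        labels={"memo": "secret"},
    )
    policy.copy("alice", "memo", "memo_copy")  # alice may read; copy stays secret
    return policy


if __name__ == "__main__":
    report, delegated = dac_scenario()
    print("DAC: bob read?", report.allowed("bob", "read"), "bob delegated?", delegated)
    policy = mac_scenario()
    print("MAC: bob read copy?", policy.can_read("bob", "memo_copy"))
```

Under DAC, alice's decision is what lets bob read the report; under MAC, alice holding a secret memo gives her no way to let bob see it, because the label travels with the copy and the policy exposes nothing for a subject to change.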
Answer option B is incorrect. There is no such access control model as Network-based access control (NBAC); the option is a distractor. (Network access control, NAC, is a real term, but it governs which devices may join a network, not how authorized subjects access resources.)