A flat or simple role-based access control (RBAC) embodies which of the following principles?
A.
Users assigned to roles, permissions are assigned to groups, controls applied to groups and permissions acquired by controls
B.
Users assigned permissions, roles assigned to groups and users acquire additional permissions by being a member of a group
C.
Roles applied to groups, users assigned to groups and users acquire permissions by being a member of the group
D.
Users assigned to roles, permissions are assigned to roles and users acquire permissions by being a member of the role