Which access control model allows users to have more granular permissions based on system resources?

The access control model that allows users to have more granular permissions based on system resources is Resource-Based Access Control. This model is designed to provide fine-tuned access management by allowing specific permissions to be assigned to users based on the characteristics and needs of the resources being accessed.

In Resource-Based Access Control, each resource can define its own access rules, enabling tailored permissions that consider the sensitivity and requirements of individual data elements or system components. This flexibility allows organizations to enforce stricter security measures where needed while still granting access in a controlled manner.

The other options, while valid access control models, do not inherently focus on granular permissions tied directly to resources in the same way. Mandatory Access Control, for example, is characterized by fixed policies where access rights are determined by a central authority rather than user or resource-specific configurations. Role-Based Access Control assigns permissions based on user roles, leading to a broader, more generalized access strategy. Discretionary Access Control allows resource owners to determine access permissions, but this can also lead to less granular control compared to the resource-specific focus of Resource-Based Access Control.