Which access control model restricts access based on user roles?

Study for the CISSP Domain 5 Identity and Access Management Test with flashcards and multiple choice questions. Each question offers hints and explanations. Get ready for success!

Role-Based Access Control (RBAC) is designed to manage access permissions based on the roles assigned to users within an organization. In this model, users are given access to resources based on their roles, which define their authority levels and responsibilities. Each role corresponds to a specific set of permissions that align with job functions, making it easier to manage user access in a way that reflects organizational structure and policy.

For example, an employee in a finance role would have access to financial systems and data pertinent to their job, while an employee in the marketing department would not. This helps ensure that users can access only the information necessary to perform their duties, thereby enhancing security and reducing the risk of unauthorized access.

RBAC simplifies the administration of permissions since it allows for bulk updates to user access based on role changes rather than managing individual user permissions separately. This model also supports segregation of duties, reducing the chance of conflicts of interest and improving compliance with regulations.

In contrast, the other models mentioned do not specifically focus on roles. Mandatory Access Control (MAC) enforces strict access policies defined by a central authority, and users cannot modify these permissions. Rule-Based Access Control uses specific rules to determine access, which can be context-sensitive but is not role-centric. Dis
