Which of the following methods is based on the user’s roles and responsibilities?

A.
Mandatory access control

B.
System access control

C.
Role-based access control

D.
Discretionary access control

Explanation:

Role-based access control method is based on the user’s roles and responsibilities.
Role-based access control (RBAC) is an access control model. In this model, a user can access
resources according to his role in the organization. For example, a backup administrator is
responsible for taking backups of important data. Therefore, he is only authorized to access this data
for backing it up. However, sometimes users with different roles need to access the same resources.
This situation can also be handled using the RBAC model.
Answer option D is incorrect. Discretionary access control (DAC) is an access policy determined by
the owner of an object. The owner decides who should be allowed to access the object and what
privileges they should have.
Answer option A is incorrect. Mandatory access control uses security lablel system.
Answer option B is incorrect. There is no access control method such as System access control.
Reference: “http://en.wikipedia.org/wiki/Role-based_access_control”