Which access control type has a central authority that determine to what objects the subjects have access to
and it is based on role or on the organizational security policy?

A.
Mandatory Access Control

B.
Discretionary Access Control

C.
Non-Discretionary Access Control

D.
Rule-based Access control

Explanation:
Non-discretionary access control is when the system administrator or a single management body within an
organization centrally controls access to all resources for everybody on a network. This type of access control
can be role based or rule based, as both of these prevents users from making access decisions based upon
their own discretion.
Incorrect Answers:
A: Mandatory Access Control is based on a security label system.
B: Discretionary Access control is based on identity.
D: Rule Based Access Control is based on rules.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 220-228
http://www.answers.com/Q/What_is_Non_discretionary_access_control
https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/
Access_Control_Systems#Non_Discretionary_or_Role_Based_Access_Control