A company plans to expand by hiring new engineers who work in highly specialized areas. Each engineer will
have very different job requirements and use unique tools and applications in their job. Which of the following is
MOST appropriate to use?
User assigned privileges
In this question, we have engineers who require different tools and applications according to their specialized
job function. We can therefore use the Role-Based Access Control model.
Role-Based Access Control (RBAC) models approach the problem of access control based on established
roles in an organization. RBAC models implement access by job function or by responsibility. Each employee
has one or more roles that allow access to specific information. If a person moves from one role to another, the
access for the previous role will no longer be available.
Instead of thinking “Denise needs to be able to edit files,” RBAC uses the logic “Editors need to be able to edit
files” and “Denise is a member of the Editors group.” This model is always good for use in an environment in
which there is high employee turnover.