During the information gathering stage of a deploying role-based access control model, which of the followinginformation is MOST likely required?
Conditional rules under which certain systems may be accessed
Matrix of job titles with required access privileges
Clearance levels of all company personnel
Normal hours of business operation
Role-based access control is a model where access to resources is determines by job role rather than by user
Within an organization, roles are created for various job functions. The permissions to perform certain
operations are assigned to specific roles. Members or staff (or other system users) are assigned particular
roles, and through those role assignments acquire the computer permissions to perform particular computersystem functions. Since users are not assigned permissions directly, but only acquire them through their role
(or roles), management of individual user rights becomes a matter of simply assigning appropriate roles to the
user’s account; this simplifies common operations, such as adding a user, or changing a user’s department.
To configure role-based access control, you need a list (or matrix) of job titles (roles) and the access privileges
that should be assigned to each role.