Under Role based access control, access rights are grouped by:

A.
Policy name

B.
Rules

C.
Role name

D.
Sensitivity label

Explanation:
With role-based access control, access rights are grouped by role name, and the use of
resources is restricted to individuals authorized to assume the associated role. For
example, within a hospital system the role of doctor can include operations to perform
diagnosis, prescribe medication, and order laboratory tests; and the role of researcher
can be limited to gathering anonymous clinical information for studies.