Which access control policy is enforced when an environment uses a nondiscretionary model?

A.
Rule-based

B.
Role-based

C.
Identity-based

D.
Mandatory

Explanation:
B: Roles work as containers for users. The administrator or security professional creates the roles and assigns rights to them and then assigns users to the container. The users then inherit the permissions and rights from the containers (roles), which is how implicit permissions are obtained.