With RBAC, each user can be assigned:

A.
One or more roles.

B.
Only one role.

C.
A token role.

D.
A security token.

Explanation:
With RBAC, security is managed at a level that corresponds closely to the
organization’s structure. Each user is assigned one or more roles, and each role is
assigned one or more privileges that are permitted to users in that role. Roles can be
hierarchical.