Which of the following represents an access control model that enables users to perform activities based on the permissions assigned to their roles?

The access control model that allows users to perform activities based on the permissions assigned to their roles is known as role-based access control (RBAC). In this model, access rights are granted to users based on their assigned roles within an organization, which simplifies the management of user permissions and enhances security.

With RBAC, organizations can define various roles that correspond to specific job functions and responsibilities. Each role has associated permissions that determine what resources a user can access and what actions they are permitted to execute. This approach not only streamlines the administration of user permissions—since permissions do not need to be assigned individually to each user—but also helps ensure consistent application of security policies across the organization.

This model is particularly effective in large organizations where users may have similar job functions, as it allows for quick adjustments to access controls when roles or personnel change. By using RBAC, organizations can maintain a principle of least privilege, ensuring that users have only the necessary access required to perform their duties.

In contrast, nondiscretionary access control typically involves centralized control of access permissions and may not allow individual discretion in granting access rights. Time-based access control restricts access to certain times or conditions rather than focusing on user roles. Meanwhile, rule-based access control relies