Which of the following represents an access control model that enables users to perform activities based on the permissions assigned to their roles?

Role-based access control (RBAC) is a model that assigns permissions to users based on their roles within an organization. In this framework, a role is defined as a set of permissions that corresponds to specific job functions or responsibilities. This means that users inherit the permissions associated with the roles they are assigned to, which simplifies management and enhances security.

RBAC centralizes control over permissions and ensures that users can only access resources necessary for their job functions, thus minimizing the risk of unauthorized access. Its structure allows for easier updates to permissions; as job roles change, administrators can modify the roles themselves rather than adjusting individual user permissions, streamlining both onboarding and offboarding processes.

In contrast, other access control models focus on different paradigms. Nondiscretionary access control emphasizes administrative control over user permissions rather than individual discretion. Time-based access control restricts access based on time constraints, and rule-based access control allows access based on defined rules rather than roles. None of these models specifically center around the concept of roles influencing access permissions to the degree that RBAC does.