CISSP Practice Exam 2025 – Complete Prep Guide

Question: 1 / 1980

How do subjects receive permissions in RBAC?

Permissions are assigned based on individual user accounts

Permissions are defined solely by the user's request

Permissions are grouped according to defined roles

In Role-Based Access Control (RBAC), permissions are assigned to roles rather than to individual users. This means that permissions are grouped according to defined roles, which simplifies the management of user permissions and enhances security. By associating permissions with roles, organizations can ensure that individuals only have access to the information and functions necessary for their specific job responsibilities. This approach not only streamlines the administration of permissions but also helps enforce the principle of least privilege, ensuring that users cannot access resources that are not required for their role.

The other options do not accurately reflect the RBAC approach. Assigning permissions based on individual user accounts creates complexity and can lead to errors, making management more difficult. Defining permissions solely by the user's request does not maintain control over what users can access and can lead to inappropriate access. Lastly, permissions based on public approval are not a structured or secure method for access control and do not align with the intent of RBAC, which relies on predefined roles and responsibilities.


Permissions are based on public approval
