Recall & Review
beginner
What is Role-based Access Control (RBAC)?
RBAC is a method of restricting system access to authorized users based on their roles within an organization. It assigns permissions to roles rather than individuals.
beginner
Name the three main components of RBAC.
The three main components are: Roles, Permissions, and Users. Roles group permissions, and users are assigned to roles.
intermediate
How does RBAC improve security compared to assigning permissions directly to users?
RBAC simplifies management by assigning permissions to roles, reducing errors, and ensuring users have only the access needed for their job, which lowers security risks.
beginner
What is the principle of least privilege in RBAC?
It means users get only the minimum permissions necessary to perform their tasks, reducing the chance of misuse or accidental damage.
beginner
Give an example of a role in RBAC and the kind of permissions it might have.
Example: A 'Manager' role might have permissions to approve requests, view reports, and manage team members, but not to change system settings.
What does RBAC primarily use to control access?
RBAC controls access by assigning permissions to roles, and users get access based on their assigned roles.
Which of the following is NOT a component of RBAC?
Encryption keys are unrelated to RBAC components, which are roles, permissions, and users.
What principle does RBAC help enforce by limiting user permissions?
RBAC supports the principle of least privilege by giving users only the permissions they need.
In RBAC, who is assigned to roles?
Users are assigned to roles, which have specific permissions.
Why is RBAC easier to manage than assigning permissions directly to users?
Grouping permissions into roles simplifies management and reduces errors.
Explain how Role-based Access Control (RBAC) works and why it is useful in managing system security.
Think about how assigning permissions to roles helps control user access.
Describe the principle of least privilege and how RBAC supports this principle.
Consider why users should only have the permissions they need.