In an organization that employs consultants and permanent staff globally, working on various projects with distinct data access needs, which policy would best enforce access controls that take into account the complexity of roles, location, project assignments, and employment status?
Implementing a model that adjusts based on user, environment, and resource attributes, such as the one used by a large, global consulting firm
Enforcing predefined roles for employees that may vary by project, such as in a typical mid-sized enterprise
Allowing data owners to set privileges based on personal discretion, a common practice in small businesses or startups
Applying policy that restricts system access to certain times, commonly seen in organizations with a standard day shift operation
In this scenario, an access control model that supports dynamic adjustments based on multiple attributes is required. The correct approach is a policy that makes access decisions based on user, environment, and resource attributes, which is precisely how Attribute-Based Access Control works. This model is highly adaptive and accommodates the variable factors in the scenario, such as changing project assignments and the diverse locations of staff members. Role-Based Access Control, while a solid strategy for well-defined roles, lacks the granularity and adaptiveness to handle rapidly changing attributes like project assignment and current location. Discretionary Access Control allows resource owners to make access decisions, which can lead to inconsistency and security risk by deviating from a strictly enforced organization-wide access control policy. Time-based access alone is too limited in scope to address the dynamic conditions described and fails to take role, location, and employment status into consideration.
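As an added illustration (not part of the original question or answer key), here is a minimal ABAC evaluator for the scenario, using hypothetical attribute names and constructed sample data; the rbac_decide function is included only to contrast a static role check that cannot see employment status, project assignment, or location.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Request:
    subject: dict      # user attributes (employment status, projects, type, ...)
    resource: dict     # resource attributes (owning project, allowed regions, ...)
    environment: dict  # request context (location the request comes from, ...)

Rule = Callable[[Request], bool]

# Hypothetical ABAC policy for the scenario; every rule must hold for a PERMIT.
POLICY: list[tuple[str, Rule]] = [
    ("employment_active", lambda r: r.subject["employment_status"] == "active"),
    ("assigned_to_project", lambda r: r.resource["project"] in r.subject["projects"]),
    ("location_allowed", lambda r: r.environment["location"] in r.resource["allowed_regions"]),
    ("consultant_has_nda", lambda r: r.subject["type"] != "consultant"
                                     or r.subject.get("nda_signed") is True),
]

def abac_decide(req: Request) -> tuple[str, list[str]]:
    """Evaluate all rules; a missing attribute counts as a failed rule (fail closed)."""
    failed = []
    for name, rule in POLICY:
        try:
            ok = rule(req)
        except (KeyError, TypeError):
            ok = False
        if not ok:
            failed.append(name)
    return ("PERMIT" if not failed else "DENY", failed)

def rbac_decide(role: str, resource: dict) -> str:
    """Static role check for contrast: it sees only the role, nothing about context."""
    return "PERMIT" if role in resource["allowed_roles"] else "DENY"

# Constructed sample data for the scenario.
PROJECT_DATA = {"project": "alpha", "allowed_regions": {"EU", "US"}, "allowed_roles": {"analyst"}}
CONSULTANT = {"type": "consultant", "role": "analyst", "employment_status": "active",
              "projects": {"alpha"}, "nda_signed": True}

if __name__ == "__main__":
    current = Request(CONSULTANT, PROJECT_DATA, {"location": "EU"})
    print(abac_decide(current))   # ('PERMIT', [])
    # Same person after the engagement ended, now requesting from another region.
    ended = Request({**CONSULTANT, "employment_status": "ended", "projects": set()},
                    PROJECT_DATA, {"location": "APAC"})
    print(abac_decide(ended))     # ('DENY', ['employment_active', 'assigned_to_project', 'location_allowed'])
    print(rbac_decide(ended.subject["role"], PROJECT_DATA))  # PERMIT: the unchanged role still passes
```

Note that the missing-attribute case (an empty subject dictionary) is also denied, because the evaluator treats any rule it cannot evaluate as failed rather than raising.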