Test Your Knowledge on RBAC and Access Control Schemes

Questions and Answers

What is the main difference between RBAC and Rule-Based Access Control?

• RBAC and Rule-Based Access Control do not assign permissions
• RBAC assigns permissions based on job function while Rule-Based Access Control uses rules (correct)
• RBAC assigns permissions based on a set of rules while Rule-Based Access Control uses job function
• RBAC and Rule-Based Access Control are the same thing

How are permissions assigned in RBAC?

• Based on a set of rules
• Based on job function (correct)
• Based on user preference
• Based on alphabetical order

What is the main difference between Rule-Based Access Control and Attribute-Based Access Control?

• Rule-Based Access Control and Attribute-Based Access Control do not assign permissions
• Rule-Based Access Control assigns permissions based on job function while Attribute-Based Access Control uses rules
• Rule-Based Access Control uses a set of rules to grant or deny access while Attribute-Based Access Control uses more flexible policies (correct)
• Rule-Based Access Control and Attribute-Based Access Control are the same thing

Flashcards are hidden until you start studying

Study Notes

• RBAC is a more practical access control scheme than others
• Permissions are assigned to roles based on job function
• Users are then assigned to those roles
• RBAC is role-based, while Rule-Based Access Control (RBAC) uses rules
• RBAC is used to assign permissions to roles like "SysAdmin" and "SalesRep"
• RBAC assigns permissions based on what system admins and sales reps need to complete their tasks
• In RBAC, a new user is assigned a role based on their job function
• Rule-Based Access Control uses a set of rules to grant or deny access
• Attribute-Based Access Control uses more flexible policies than Rule-Based
• ABAC systems use several attributes to determine access policies