Role-Based Access Control (RBAC) is an authorization model that simplifies the administration of user permissions, especially in complex, large-scale environments like cloud architectures. Its primary advantage is abstracting permissions into roles (e.g., 'administrator', 'developer', 'auditor'). Instead of assigning numerous, granular permissions directly to each user, administrators assign users to predefined roles. When a user's job function changes, an administrator only needs to change their role assignment rather than reconfiguring a multitude of individual permissions. This approach significantly reduces administrative overhead, minimizes errors, and facilitates the enforcement of the principle of least privilege by ensuring users only have the access necessary for their roles.

A. It allows users to access all resources without restrictions.

This is incorrect. RBAC is a method of restricting access based on a user's defined role, not granting universal access.

C. It eliminates the need for user authentication.

This is incorrect. RBAC is an authorization mechanism that determines what an authenticated user can do; it functions after successful authentication.

D. It automatically encrypts all user data.

This is incorrect. RBAC is an access control model concerned with permissions, while data encryption is a separate security control for protecting data confidentiality.

1. National Institute of Standards and Technology (NIST). (2004). The NIST Model for Role-Based Access Control: Towards a Unified Standard. In this foundational document

it is stated

"The centrally controlled

many-to-many correspondence between users and permissions in RBAC provides a high degree of administrative convenience." (Page 1

Section 1

Paragraph 2).

2. Cloud Security Alliance (CSA). (2017). Security Guidance for Critical Areas of Focus in Cloud Computing v4.0. In the Identity & Access Management domain

the guide explains that RBAC simplifies administration: "RBAC is a popular model for enforcing authorization... It simplifies the administration of permissions by associating them with roles

which are then assigned to users." (Page 81

Domain 5: Identity & Access Management).

3. Sandhu

R. S.

Coyne

E. J.

Feinstein

H. L.

& Youman

C. E. (1996). Role-based access control models. Computer

29(2)

38-47. This seminal academic paper on RBAC states

"A major motivation for RBAC is the desire to simplify administration of permissions." (Page 39

Section "RBAC Framework"). DOI: https://doi.org/10.1109/2.485845

4. National Institute of Standards and Technology (NIST). (2014). Special Publication 800-162: Guide to Attribute Based Access Control (ABAC) Definition and Considerations. When comparing models

this guide notes

"In the RBAC model

permissions are associated with roles

and users are assigned to appropriate roles. This simplifies the management of permissions for individual users." (Page 6

Section 2.2

Paragraph 1).