How do RBAC and ABAC differ in terms of permission assignment?

Enhance your NSF Specialist Training skills. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

How do RBAC and ABAC differ in terms of permission assignment?

Explanation:
Permissions are assigned based on what controls access. In RBAC, access is granted through roles; each role has a defined set of permissions, and users gain those permissions by being assigned to a role. This makes administration straightforward when many users share the same duties, since you manage permissions at the role level rather than for each individual.

ABAC, by contrast, bases decisions on attributes: attributes of the user (like department or clearance), the resource (its sensitivity), the action being taken, and the context (time, location). Policies evaluate these attributes to permit or deny access, enabling more granular and dynamic control without relying on fixed roles.

Therefore, RBAC assigns permissions by role, while ABAC uses attributes, which is the main distinction. The other statements misstate the relationship, describe something unrelated to permission assignment, or claim the two approaches are identical.
