Which type of access control restricts access based on user roles within an organization?

The correct choice focuses on Role-Based Access Control (RBAC), which is a security mechanism that restricts network access based on a user's role within an organization. In this model, access permissions are assigned to roles rather than individuals. When a user is assigned a role, they automatically gain the permissions associated with that role, allowing for efficient management of user privileges.

This system is particularly beneficial for organizations as it simplifies the administration of security policies and ensures that users have access only to the information and resources necessary for their job functions. It also enhances security by minimizing the risk of unauthorized access, as roles can be clearly defined and easily adjusted as needed through organizational changes or user role reassignments.

In contrast, the other types of access control systems address permissions differently. Mandatory Access Control (MAC) enforces a system-wide policy that restricts access based on predetermined security classifications. Discretionary Access Control (DAC) allows users to control access to their own resources, enabling them to grant permissions as they see fit. Attribute-Based Access Control (ABAC) makes access decisions based on attributes (user attributes, resource attributes, and environment conditions), providing a more dynamic and context-aware approach.

Overall, RBAC’s role-centric approach provides a clear and