Which access control model assigns permissions based on the roles assigned to users, simplifying access management?

Role-based access control assigns permissions based on the roles assigned to users, which simplifies access management. Administrators define roles that reflect job functions and attach the necessary permissions to each role. Users gain access by being placed into one or more roles, so their effective permissions automatically align with their current responsibilities. This makes onboarding, changes in job duties, and enforcing least privilege easier in larger environments, because you manage permissions at the role level rather than for every individual user. Other models operate differently: discretionary access control relies on the owner’s permissions, attribute-based access control bases decisions on user and resource attributes, and rule-based access control uses system-wide rules that can apply regardless of roles.