Access Control Models

Correct Answer: Discretionary Access Control (DAC)

Discretionary Access Control (DAC) is the best option for this scenario because it allows users to define their own access controls on files and folders while maintaining overall control by an administrator.

Correct Answer: Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is the best choice for this scenario because it defines access permissions based on the user's job role, which aligns well with the requirement to grant access to specific medical personnel like doctors and nurses.

Correct Answer: Role-Based Access Control

The correct access control model in this scenario is Role-Based Access Control (RBAC). In an RBAC model, access to resources is based on the roles that individual users have within the system. It is especially useful in situations where roles are clearly defined, such as in a company where users only need access to certain resources based on their job. This directly suits the scenario in the question where the company wants to restrict access based on the job roles. Why other answers are wrong: Discretionary Access Control (DAC) lets the users control access to their own data, which is not suitable for this situation as the control needs to be based on the users' job role, not individual discretion. Mandatory Access Control (MAC) is a model in which access is granted via set security policies determined by a central authority. It's not suitable here as it doesn't cater for roles but for broader security policies. Rule-Based Access Control (RB-RBAC) provides access based on a set of predefined rules, not specifically on user roles. Hence, it won't meet the need of the company to limit resource access based on job roles.