1. What is the primary purpose of Role-Based Access Control (RBAC) in a DBMS?
(A) To encrypt data stored in the database
(B) To define user roles and assign permissions based on these roles
(C) To manage database performance
(D) To handle database backups and recovery
2. In RBAC, what is a “role”?
(A) A set of data encryption keys
(B) A specific function or job description within the organization
(C) A collection of permissions assigned to users
(D) A set of database tables
3. What is the main benefit of using RBAC over Discretionary Access Control (DAC)?
(A) RBAC is simpler to implement and manage in large organizations
(B) RBAC provides finer-grained access control
(C) RBAC eliminates the need for authentication
(D) RBAC allows for more flexible permission assignments
4. Which of the following best describes the concept of “least privilege” in RBAC?
(A) Users are given the maximum permissions possible
(B) Users are granted only the permissions necessary to perform their roles
(C) Users can only access data related to their personal information
(D) Users have unlimited access to all database resources
5. In RBAC, what does “role inheritance” refer to?
(A) The ability of a role to inherit permissions from another role
(B) The process of transferring data ownership between users
(C) The mechanism to automatically grant permissions to new users
(D) The process of encrypting user passwords
6. Which of the following statements is true about role assignments in RBAC?
(A) Roles can be assigned to users directly or through groups
(B) Roles are assigned based on user preferences
(C) Each user can have only one role at a time
(D) Roles are assigned based on the user’s location in the organization
7. What is a “role hierarchy” in the context of RBAC?
(A) A system for encrypting roles
(B) A hierarchical structure where roles can inherit permissions from other roles
(C) A method for creating multiple roles with identical permissions
(D) A way to restrict role assignments to specific departments
8. What is the difference between “role-based” and “attribute-based” access control?
(A) Role-based access control uses attributes to determine permissions, while attribute-based access control uses roles.
(B) Role-based access control assigns permissions based on roles, while attribute-based access control assigns permissions based on user attributes.
(C) Role-based access control is less flexible than attribute-based access control.
(D) Attribute-based access control does not use roles at all.
9. What is the typical role of a “security administrator” in an RBAC system?
(A) To manage database performance
(B) To handle data encryption
(C) To define roles, assign permissions, and manage role assignments
(D) To perform regular backups of the database
10. How does RBAC help in regulatory compliance and auditability?
(A) By providing detailed logs of all database transactions
(B) By simplifying the process of granting and revoking permissions
(C) By ensuring that only authorized users have access to sensitive data according to their roles
(D) By automating the encryption of all data
11. In RBAC, what is a “user role assignment”?
(A) The process of creating a new database table
(B) The action of assigning a role to a user or group of users
(C) The process of encrypting user data
(D) The assignment of roles to database objects
12. What is the role of “permission” in an RBAC system?
(A) To define the data encryption standards
(B) To determine the actions a user can perform on database objects
(C) To manage user authentication methods
(D) To create and modify database schemas
13. What does “RBAC” stand for?
(A) Role-Based Access Control
(B) Random-Based Access Control
(C) Resource-Based Access Control
(D) Role-Based Authentication Control
14. Which RBAC component specifies what operations a user can perform on database objects?
(A) Role
(B) Permission
(C) User
(D) Session
15. In RBAC, how can roles be used to simplify user management?
(A) By assigning roles based on user preferences
(B) By grouping permissions into roles and assigning roles to users rather than managing individual permissions
(C) By automatically generating roles for each user
(D) By encrypting user data