Which access control model uses preconfigured rules to grant access?

The correct answer focuses on Rule-Based Access Control (RBAC), which specifically utilizes preconfigured rules to determine access permissions. In this model, access decisions are based on a set of established policies or rules that dictate who can do what, based on specific criteria. This automation allows for consistent enforcement of security policies without requiring constant human intervention.

Rule-Based Access Control is particularly effective in environments where access needs to be tightly controlled based on predefined conditions or scenarios. This model allows organizations to apply complex logic and rules to determine access, making it versatile for various security requirements, especially where regulatory compliance or specific operational needs are concerned.

In contrast, Mandatory Access Control (MAC) relies on classifications and labels assigned to resources and users, making access decisions based on a more hierarchical method of access management rather than preconfigured rules. Attribute-Based Access Control (ABAC) considers a range of attributes, such as user roles, resource types, and environmental conditions, to make access decisions on-the-fly, which differs from the structured approach of rule-based access. Role-Based Access Control (RBAC), despite sharing an acronym with Rule-Based Access Control, primarily grants access based on the roles assigned to users rather than the explicit rules that dictate what each role can do.