Which access control model allows users to have specific access rights based on policies?

The designed access control model that permits users to have specific access rights based on established policies is Role-Based Access Control (RBAC). In RBAC, access rights are assigned to users based on their role within the organization. Each role is associated with predefined permissions, and when a user is assigned to a role, they inherit the access rights associated with that role.

This model simplifies management by allowing administrators to manage permissions at the group level rather than for individual users. By doing so, it enhances security and ensures that users only have access to the information necessary for their job functions, based on the organization's policies. The focus on roles means that access can be efficiently scaled and adapted as individuals change roles or as organizational structures evolve.

In contrast, other models such as Attribute-Based Access Control (ABAC) assign access rights based on user attributes and environmental conditions, which can be more complex. Identity-Based Access Control (IBAC) centers access on the individual user's identity, providing a less flexible approach. Time-Based Access Control (TBAC) restricts access based on time factors, which does not directly correlate with user roles in the same manner RBAC does. Thus, RBAC is uniquely positioned to manage specific access rights aligned with organizational policies effectively.