An organization wants to implement the principle of least privilege for its database administrators. Which approach best achieves this goal?
Trap 1: Implement mandatory access control (MAC) with labels for all data.
MAC is more about classification than granular role-based permissions.
Trap 2: Allow administrators to self-assign permissions as needed.
Self-assignment undermines control and least privilege.
Trap 3: Assign each administrator full database admin rights for simplicity.
Full admin rights violate least privilege.
- A: Implement mandatory access control (MAC) with labels for all data.
  Why wrong: MAC is more about classification than granular role-based permissions.
- B: Use role-based access control (RBAC) to grant permissions specific to each administrator's duties.
  RBAC aligns with least privilege by scoping permissions to roles.
- C: Allow administrators to self-assign permissions as needed.
  Why wrong: Self-assignment undermines control and least privilege.
- D: Assign each administrator full database admin rights for simplicity.
  Why wrong: Full admin rights violate least privilege.