In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy.The access controls may be based on: 

Answer options:

A. The societies role in the organization
B. The individual`s role in the organization
C. The group-dynamics as they relate to the individual`s role in the organization
D. The group-dynamics as they relate to the master-slave role in the organization

B

In Non-Discretionary Access Control, when Role Based Access Control is being used, a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual`s role in the organization. Reference(S) used for this question: KRUTZ, Ronald L. & VINES, Russel
D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 33.