If a database manager can add or remove users but cannot read the data, this illustrates what type of access control?


The scenario illustrates role-based access control (RBAC): the database manager's permissions come from the role they hold in the organization, not from a personal grant or from owning the data. Under RBAC, access rights are attached to roles, and users gain rights only by being assigned to those roles, so an administrator manages permissions for a whole class of users by editing one role rather than each account.

In this case the database manager's role carries account-administration rights (adding and removing users) but no right to read the data those accounts protect. Keeping account administration and data access in different roles is a form of separation of duties, and RBAC makes that separation easy to enforce: a user can be given only the role their responsibilities require, which is the principle of least privilege in practice.

This model benefits organizations because it simplifies administration of user rights, keeps permissions aligned with job functions, and reduces the risk of unauthorized data access. Each individual can carry out their duties without being granted access to data more sensitive than those duties require.
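To make the scenario concrete, here is a small RBAC policy check written for this page; it is an added illustration, not code from any ISC² material. The role names (db_account_admin, data_reader), the permissions, and the rule that nobody may hold both roles are assumptions chosen to match the question. Authorization decisions depend only on the roles a user holds, which is what distinguishes RBAC from owner-based (DAC) or label-based (MAC) decisions.

```python
"""Minimal role-based access control (RBAC) check.

Added example for the database-manager scenario; role names, permissions and
the separation-of-duties rule below are assumptions, not ISC2 material.
"""
from dataclasses import dataclass, field

# Permissions are (action, resource) pairs. They belong to roles, never to
# individual users: that is the defining property of RBAC.
ROLE_PERMISSIONS: dict[str, frozenset[tuple[str, str]]] = {
    # The database manager's role: administers accounts, never reads rows.
    "db_account_admin": frozenset({("create", "db_user"), ("delete", "db_user")}),
    # A separate role is the only one allowed to read the data.
    "data_reader": frozenset({("read", "customer_table")}),
}

# Static separation of duties (assumed rule): no user may hold both roles.
MUTUALLY_EXCLUSIVE_ROLES: set[frozenset[str]] = {
    frozenset({"db_account_admin", "data_reader"}),
}


class SeparationOfDutiesError(Exception):
    """Raised when a role assignment would violate an exclusivity rule."""


@dataclass
class RbacPolicy:
    # user -> set of role names the user currently holds
    user_roles: dict[str, set[str]] = field(default_factory=dict)

    def assign_role(self, user: str, role: str) -> None:
        """Give `user` the role, refusing assignments that break separation of duties."""
        if role not in ROLE_PERMISSIONS:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for exclusive_pair in MUTUALLY_EXCLUSIVE_ROLES:
            if role in exclusive_pair and (exclusive_pair - {role}) & held:
                raise SeparationOfDutiesError(
                    f"{user} already holds a role that excludes {role!r}"
                )
        held.add(role)

    def is_authorized(self, user: str, action: str, resource: str) -> bool:
        """True only if some role held by `user` carries (action, resource)."""
        return any(
            (action, resource) in ROLE_PERMISSIONS[role]
            for role in self.user_roles.get(user, ())
        )


def demo() -> dict[str, bool]:
    """Exercise the policy with the scenario from the question."""
    policy = RbacPolicy()
    policy.assign_role("alice", "db_account_admin")  # the database manager
    policy.assign_role("bob", "data_reader")
    return {
        "alice_can_add_user": policy.is_authorized("alice", "create", "db_user"),
        "alice_can_remove_user": policy.is_authorized("alice", "delete", "db_user"),
        "alice_can_read_data": policy.is_authorized("alice", "read", "customer_table"),
        "bob_can_read_data": policy.is_authorized("bob", "read", "customer_table"),
        "bob_can_add_user": policy.is_authorized("bob", "create", "db_user"),
    }


def sod_violation_detected() -> bool:
    """Show that one user cannot accumulate both conflicting roles."""
    policy = RbacPolicy()
    policy.assign_role("carol", "db_account_admin")
    try:
        policy.assign_role("carol", "data_reader")
    except SeparationOfDutiesError:
        return True
    return False


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
    print("separation of duties enforced:", sod_violation_detected())
```

Note that the check never consults who owns customer_table or what classification label it carries; it asks only which roles the user holds. Adding a new database manager means assigning the existing role, not copying a list of grants.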

The other options describe different access control models. Under mandatory access control (MAC), a central authority sets policy and access is decided by comparing security labels (classifications and clearances) that users cannot change. Under discretionary access control (DAC), the owner of a resource decides who may access it. "Alleviating threat access controls (ATAC)" is not a recognized access control model, further emphasizing that RBAC is the most accurate
