Question

N the context of access control, what security concept is applied when Prachi, a database administrator, is allowed to add or delete users but cannot read or modify the database data?

A) Least Privilege Principle
B) Role-Based Access Control (RBAC)
C) Mandatory Access Control (MAC)
D) Access Control List (ACL)

Answer 1

The concept where a database administrator is only allowed specific actions such as adding or deleting users without permission to read or modify data is known as the Least Privilege Principle.

Step-by-step explanation:

In the context of access control, the security concept that is applied when Prachi, a database administrator, is allowed to add or delete users but cannot read or modify the database data is A) Least Privilege Principle. This principle dictates that users should only be granted permissions that are essential to perform their duties. By restricting Prachi's abilities to only adding or deleting users, her access is limited to what is necessary for her role, thus minimizing the potential for unauthorized access or breach.