Which of the following describes a characteristic feature of role-based access control?

The characteristic feature of role-based access control (RBAC) is that access rights are tied to specific user roles. In this model, permissions are assigned not to individual users directly but to roles that represent a set of responsibilities or tasks within an organization. This means that when a user is assigned a particular role, they inherit all the access rights associated with that role, simplifying the management of permissions. For example, all users in a "manager" role may have the same access to sensitive documents, while those in a "staff" role may have restricted access.

This system streamlines the process of managing access rights, as it is easier to update permissions at the role level than to adjust them for each individual user. Thus, when a new employee is assigned to a role, they automatically receive the access necessary to perform their job functions without requiring individual configuration.

The other options describe scenarios that do not reflect the fundamental principles of RBAC. For instance, granting access to all employees would not accurately constitute a controlled approach to access; instead, it represents a more open, less secure policy. Similarly, access based on individual user credentials does not align with the role-centric philosophy of RBAC. Lastly, access that changes frequently without regard to role undermines the