CISA Certified Information Systems Auditor – Question1470
An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control? A. User-level permissions B. Role-based C. Fine-grained D. Discretionary
Correct Answer: B
Explanation:
Explanation:
Role-based access controls the system access by defining roles for a group of users. Users are assigned to the various roles and the access is granted based on the user’s role. User-level permissions for an ERP system would create a larger administrative overhead. Fine-grained access control is very difficult to implement and maintain in the context of a large enterprise.
Discretionary access control may be configured or modified by the users or data owners, and therefore may create inconsistencies in the access control management.
Please disable your adblocker or whitelist this site!