How does role-based access control differ from attribute-based access control in SailPoint?

Role-based access control (RBAC) and attribute-based access control (ABAC) are two distinct approaches to managing permissions and access in systems like SailPoint, and understanding the key difference between them is crucial for effective identity governance.

The correct choice highlights that role-based access control assigns permissions based on predefined user roles within an organization. In this model, users are grouped according to their job functions or responsibilities, and those roles come with specific access rights. For example, an employee might belong to a "Finance" role, granting them access to sensitive financial information necessary for their job.

On the other hand, attribute-based access control assigns permissions based on specific attributes or characteristics of users rather than their assigned roles. These attributes could include user department, clearance level, project association, or even contextual factors like location or time of access. This approach allows for more granular and dynamic access control since decisions can adapt to varying circumstances based on the user's situation rather than relying solely on their role.

In summary, the distinction lies in the criteria used for granting access: roles for RBAC and attributes for ABAC. This foundational understanding helps clarify why option A accurately represents the difference between the two models in SailPoint.