CISA QUESTION #6856
Question 1
An organization implements role-based access control (RBAC) but assigns so many roles to each user that role explosion occurs—the average user has 15 different roles assigned. What is the MOST significant consequence of this implementation?
  • Excessive administrative overhead
  • RBAC provides no effective access control—violating least privilege principle✔️
  • Complex role management
  • User confusion
Correct Answer Explanation
Role explosion defeats RBAC's purpose of simplifying access management through defined roles. When users accumulate many roles, they likely have excessive privileges that violate least privilege. The system becomes as complex as individual user permissions while losing RBAC's benefits. This indicates poor role design and lack of periodic access review.