Which of the following access control types would give a system administrator the ability to assign access according to least privilege?

The concept of least privilege is fundamental in access control, aiming to ensure that users have only the minimum level of access necessary to perform their job functions. Discretionary access control (DAC) allows owners of resources to make decisions about who can access those resources and how they can be accessed. This provides the flexibility for system administrators to grant access based on the specific needs and roles of users, aligning perfectly with the principle of least privilege.

In a discretionary model, administrators can tailor permissions at a granular level, potentially restricting access for users who do not require it for their roles—thereby adhering to the least privilege principle. System administrators can effectively evaluate user needs and determine what resources they need access to, allowing them to assign rights on a case-by-case basis.

Other types of access control, such as role-based, rule-based, and mandatory access controls, serve different purposes and operate under other principles. For example, while role-based access control can also support the least privilege principle through predefined roles, it may not offer the same level of granularity and flexibility as DAC, which is user-centric. Rule-based access control operates based on set rules and conditions that might not always allow for individualized, discretionary assignments. Mandatory access control, on the other hand,