Policy-Based Access Control combines which of the following?

Policy-Based Access Control (PBAC) is designed to manage access rights based on defined policies rather than just on individual user permissions. This approach allows for more dynamic and flexible access management by considering the context of each access request, such as the user’s role, the specific resource being accessed, and applicable compliance requirements.

The correct answer recognizes that PBAC involves a dynamic analysis of access based on user roles and predefined policies. This means that access decisions are made by evaluating real-time conditions and the user's role within the organization, allowing for more nuanced and context-sensitive access control. This is a significant advancement over static permissions, as it adapts to changing circumstances and user needs while aligning with organizational policies.

This focus on dynamic roles and policies helps organizations maintain security while accommodating changes, such as new regulations or shifts in team structure. Such a control system enhances efficiency and compliance compared to alternative systems that may rely on more rigid, traditional access control mechanisms.