A commercial OSINT provider utilizes and reviews data from various sources of publicly available information. The provider is transitioning the subscription service to a model that limit's the scope of available data based on subscription tier. Which of the following approaches would best ensure subscribers are only granted access to data associated with their tier? (Choose two.)
To ensure that subscribers are only granted access to data associated with their subscription tier, the two best approaches are controlling access to data based on the role of users and employing attribute-based access control. Controlling access to data based on roles ensures that specific access permissions correspond to subscription tiers, restricting data access accordingly. Attribute-based access control allows for more granularity by evaluating attributes related to the user, resource, and environment, further ensuring that data access aligns with subscription constraints.
should be BE
Based on the requirement to ensure subscribers are only granted access to data associated with their subscription tier, the two best approaches would be: • B. Controlling access to data based on the role of users. This approach involves defining access permissions based on the roles or subscriptions of users. Each tier of subscription would correspond to a specific role or access level, ensuring that users can only access data appropriate for their subscription tier. • E. Establishing a classification and labeling scheme. By implementing a classification and labeling scheme, the data can be categorized based on sensitivity or subscription tier. Access controls can then be applied based on these classifications, ensuring that subscribers can only access data that corresponds to their subscription level.