Which access control method permits only users who are managers to access specific data?

Role-based access control (RBAC) is the correct answer because it is specifically designed to manage permissions based on the roles assigned to users within an organization. In this context, when users are defined as "managers," they are given access rights based on their role, which allows them to interact with specific data that is pertinent to their position.

RBAC simplifies the administration of permissions by grouping individuals according to their roles rather than by individual identities, making it efficient to manage access to resources and ensuring that only those with the appropriate responsibilities, such as managers, can access certain data. This method enhances security by limiting access based on defined roles rather than by individual discretion or arbitrary assignments, which is essential for maintaining data confidentiality and integrity.

In contrast, other methods like discretionary access control or mandatory access control would not specifically limit access solely to users with the "manager" role. Discretionary access control allows users to control access to their own resources based on their preferences, while mandatory access control operates on predefined security levels that cannot be overridden by users. These methods do not focus on roles in the same systematic way that RBAC does.