Which access control model is specifically focused on roles assigned to users?

Role-based access control (RBAC) is the correct answer because it operates on the principle of assigning access permissions based on the roles that users hold within an organization. In this model, users are assigned specific roles, and each role is granted particular access rights to resources. This simplifies management, as permissions can be adjusted at the role level rather than individually for each user, making it easier to ensure that users have the appropriate level of access required for their job functions.

In contrast, mandatory access control (MAC) enforces access policies based on classifications and labels assigned to both resources and users and does not primarily focus on user roles. Discretionary access control (DAC) allows resource owners to make decisions about who is allowed to access specific resources, again not centered on user roles but more on individual permissions. Lastly, attribute-based access control (ABAC) utilizes a set of attributes (which may include user attributes, resource attributes, and environmental conditions) to determine access rights, rather than strictly defining access based on roles. Thus, RBAC's foundation in roles makes it uniquely suited to the context of managing user access rights effectively based on their assigned responsibilities.