Which access control method allows an administrator to set specific rules for resource access?

The selection of Rule-Based Access Control as the correct access control method is appropriate because it enables administrators to formulate and enforce specific rules governing access to resources. This approach is particularly dynamic, allowing for fine-tuning of permissions based on predetermined criteria, such as user attributes, time of access, or specific conditions under which access is permitted.

In Rule-Based Access Control, the rules can dictate who can access a resource and under what circumstances, ensuring a granular level of security. This is especially useful in environments where compliance and security are critical, as the control can adapt to varied conditions and requirements without needing to modify access permissions on a case-by-case basis.

Mandatory Access Control, in contrast, employs a policy-based paradigm where access is predetermined based on the classification levels of users and data, limiting the flexibility that Rule-Based Access Control provides. Discretionary Access Control allows users to own and manage their own resources and determine who can access them, focusing more on user discretion rather than specific, enforceable rules steered by an administrator. Privileged Access Management is primarily concerned with controlling and monitoring access rights for users with elevated permissions but does not itself establish a framework of specific rules for general resource access.