“Role-based and group-based requirements” refer to:
Who can see or modify specific data.
Which roles (e.g., analyst, manager, admin) or groups (e.g., HR, Finance) are granted particular permissions.
In CompTIA Data+ terminology, these are Access requirements:
Define which users/roles/groups can access which data, at what level (read, write, update, delete).
Often implemented through role-based access control (RBAC) and group permissions.
Why the other options don’t fit as closely:
Security requirements (A) – broader category: includes encryption, masking, network security, etc.; access is part of security, but the phrase “role-based and group-based requirements” specifically aligns with access control.
Storage requirements (B) – deal with where and how data is stored (capacity, media, performance, backup).
Use requirements (D) – govern how data can be used (allowed purposes, ethical/legal constraints), not who can access it.
Therefore, an organizational document defining role-based and group-based requirements is specifying Access requirements (C).
CompTIA Data+ Reference (concept alignment):
DA0-001 Objectives – Data governance: access control, roles, and permissions.
Study discussions of role-based access control (RBAC) and how access requirements are documented.
