Rule-based access control (RBAC) is characterized by:

Rule-based access control (RBAC) focuses on predefined rules that dictate access permissions. In this model, access decisions are made based on specific conditions set within the rules, which can take into account various attributes such as time of access, location, and type of resource being accessed.

This approach allows for a granular level of control and enables organizations to automate and manage access based on established criteria, thereby enhancing security and simplifying the management of user permissions. For example, a rule might grant access to certain data only during business hours or restrict access from certain locations.

The other options, while related to access control, do not fully capture the essence of rule-based access control. Access based on user roles typically refers to role-based access control, where user roles define their permissions. Dynamic adjustment of permissions based on current threats suggests a reactive approach that isn't the hallmark of rule-based systems, which rely on static rules. User-defined access policies imply a level of user control over permissions that does not align with the structured and predefined nature of rule-based access controls.