2243

Role-based access control examples | RBAC explained

Published by Alex Olivier on December 25, 2023
Role-based access control examples | RBAC explained

Role-based access Ccntrol or RBAC is a method of governing system access and activity based on roles assigned to system users. With RBAC, the sysadmin assigns permissions to each role and each role can be assigned to as many or as few users as necessary. It is these permissions that enable, or by omission restrict, the potential activity of the user. 

How RBAC works

The permissions assigned to each role in role-based access control provide the user with only as much access as they need to perform their work. No more, no less. With this method of access control lower level employees are prevented from accessing and potentially manipulating or misusing (intentionally or otherwise) sensitive information. Permissions in RBAC typically fall into 3 categories:

  • Permission to modify (i.e. creating, editing, deleting etc…)
  • Permission to access various applications
  • Permissions within those applications

If RBAC is designed and assigned correctly, no further changes should be necessary to the user’s access profile as long as they have a given role assigned to them. Should their status within the company change by way of promotion a new role with more wide-ranging permissions would likely be assigned that enables the user to carry out their new responsibilities.

Role-based access control examples

Role-based access control enables organizations to create a variety of roles with attendant permissions that can be assigned to any new hire, or to users within the organization whose responsibilities change over time. For example: 

  • A marketing role may provide the user access to the Content Management System (CMS), Google Analytics, Facebook Ads or Google Ads.
  • A finance role may provide access to accounting software or the billing systems, Xero or ADP.
  • A human resources role may be given access to personnel files and other HR-related tools such as Oracle Cloud Human Capital Management or Paycor.

The permissions assigned to each role enable the user to perform their job without hindrance. Should they determine they do not have access to all the resources necessary to do their work, they can petition to have their permissions expanded. In such cases the sysadmin may add permissions to their role, or more likely, simply assign them a different role that comes with the necessary permissions.

Conclusion

Role-based access control is typically used when an organization has a well-defined user base. It enables organizations to allow or restrict system access based on a given employee’s duties and responsibilities.

GUIDE

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team

Related Articles

The Security Repo podcast: Why authorization matters more than you may think | Cerbos

The Security Repo podcast: Why authorization matters more than you may think | Cerbos

Emre Baran on April 28, 2024
PRESENTATION
GUIDE
How to Implement Authorization in React JS

How to Implement Authorization in React JS

Avinash Dalvi and Rohit Ghumare on April 23, 2024
GUIDE
INTEGRATION
The Scripting Den podcast: Exploring the evolution of security post-MVP | Cerbos

The Scripting Den podcast: Exploring the evolution of security post-MVP | Cerbos

Alex Olivier on April 21, 2024
PRESENTATION
GUIDE
We use cookies and other forms of website navigational information to offer you a better browsing experience, analyze site traffic, personalize content, and serve targeted ads. Read about how we use cookies in our Privacy Policy. If you continue to use this site, you consent to our use of cookies.