User roles and permissions examples
Role-Based Access Control, or RBAC, is a way of enabling users to access the digital resources they need to perform their job. As the name implies, roles are created by the system administrator that reflect the different responsibilities assigned to user groups, managerial levels and so on.
Each role is then assigned permissions that enable access to the system resources someone in that position or group would require to carry out their responsibilities. When a new person is hired, they are assigned one of these predefined roles. Custom roles may also be created that provide a degree of differentiation within a given user group.
Some typical examples of user roles and the permissions assigned to them
The following represent examples of user roles and their attendant permissions one might find in a given organization.
- Admin: A user with this role will have full access to system resources. They will be able to add new users, modify global settings, assign and remove permissions and more. They are able to access all digital resources and determine who gets to see and do what.
- Supervisor: Supervisors typically have wide-ranging access to system resources but they may not have permission to create new accounts, delete old accounts or modify global settings.
- User: Users range from those who are able to view but not alter a limited amount of system content, to those who can view, edit, share, download, delete and otherwise manipulate the resources they have permission to access.
Common permissions
A user role is, in essence, a collection of permissions. Some common examples of permissions include:
- Read: This is one of the most basic permissions and enables the user to read existing content without being able to alter it in any way.
- Create: This enables a user to create a new piece of content that will become part of the company’s digital resources. Once created the file becomes the property of the organization, not the person who created it.
- Edit: This is another very common permission. This enables the user to make changes to existing resources. Typically, however, a user with edit privileges will only be able to edit specific files directly related to their job.
- Delete: This enables the user to delete an organizational resource from the system. As is the case with editing, the ability to delete resources is typically limited to only those files or other resources directly related to the user’s job.
FAQ
Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team
Recommended content
Mapping business requirements to authorization policy
eBook: Zero Trust for AI, securing MCP servers
Experiment, learn, and prototype with Cerbos Playground
eBook: How to adopt externalized authorization
Framework for evaluating authorization providers and solutions
Staying compliant – What you need to know
Subscribe to our newsletter
Join thousands of developers | Features and updates | 1x per month | No spam, just goodies.
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.