Skip to main content

Home Role-Based Access Control

Role-Based Access Control

(also RBAC, Role-Based Security)

Geoblocking definition

Role-Based Access Control is a framework for managing and enforcing security. It grants access rights to roles, instead of individual users. This structure aims to mirror an organization's structure. That way, the process of access control is more scalable and manageable.

See also: access control system, access management, access control entry, discretionary access control, network access control, mandatory access control, risk-based access control, access management

Core Concepts of RBAC:

Roles: Created based on job duties. Examples might include 'Administrator', 'Clerk', or 'Writer'.

Users: Individual participants in the system.

Permissions: The specific actions a role can perform, such as edit, view, or delete.

Key Elements of RBAC:

User-to-Role Mapping. Users are linked to one or several roles.

Role-to-Permission Connection. Dictates the tasks a specific role can execute.

Role Hierarchies. Higher roles can have the permissions of lower roles, e.g.: A 'Lead Writer' might have the rights of a basic 'Writer'.


Ease of Scaling: As the number of users grows, managing permissions remains streamlined through roles.

Simplified Management: If job roles shift, only the associated RBAC role needs modification, not the individual user permissions.

Clear Auditing: Defined roles make it way easier to inspect and ensure compliance.

Types of RBAC:

Flat RBAC: Users are connected to roles, and roles have permissions. No further complexities.

Hierarchical RBAC: Some roles possess the rights of others based on a set hierarchy.

Constrained RBAC: Some roles have mutually exclusive rights to prevent potential conflicts. For example, someone who creates invoices might not be allowed to approve them.