Role-based access control examples | RBAC explained

Published by Alex Olivier on December 25, 2023

Role-based access control, or RBAC, is a method of governing system access and activity based on roles assigned to system users. With RBAC, the sysadmin assigns permissions to each role, and each role can be assigned to as many or as few users as necessary. It is these permissions that enable, or by omission restrict, the potential activity of the user.

How RBAC works

The permissions assigned to each role in role-based access control provide the user with only as much access as they need to perform their work. No more, no less. With this method of access control, lower-level employees are prevented from accessing and potentially manipulating or misusing (intentionally or otherwise) sensitive information. Permissions in RBAC typically fall into 3 categories:

  • Permission to modify (i.e. creating, editing, deleting etc…)
  • Permission to access various applications
  • Permissions within those applications

If RBAC is designed and assigned correctly, no further changes should be necessary to the user’s access profile as long as they hold a given role. Should their status within the company change by way of promotion, a new role with more wide-ranging permissions would likely be assigned that enables the user to carry out their new responsibilities.

Role-based access control examples

Role-based access control enables organizations to create a variety of roles with attendant permissions that can be assigned to any new hire, or to users within the organization whose responsibilities change over time. For example: 

  • A marketing role may provide the user access to the Content Management System (CMS), Google Analytics, Facebook Ads or Google Ads.
  • A finance role may provide access to accounting software or the billing systems, Xero or ADP.
  • A human resources role may be given access to personnel files and other HR-related tools such as Oracle Cloud Human Capital Management or Paycor.

The permissions assigned to each role enable the user to perform their job without hindrance. Should they determine they do not have access to all the resources necessary to do their work, they can petition to have their permissions expanded. In such cases the sysadmin may add permissions to their role, or more likely, simply assign them a different role that comes with the necessary permissions.
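A minimal model of the mechanism described in the two sections above, added here as an example and not taken from the article or from Cerbos: roles map to (application, action) permissions, users hold roles, every check is default-deny, and a promotion is handled by swapping roles rather than editing one. The application names and the finance_manager role are assumptions for illustration.

```python
from dataclasses import dataclass, field

# A permission is an (application, action) pair. This covers the three
# categories the article lists: access to an application, actions within
# it, and modify rights such as create/edit/delete.
Permission = tuple[str, str]

# Constructed role definitions based on the roles named in the article.
# Application names are illustrative, not a real deployment.
ROLES: dict[str, frozenset[Permission]] = {
    "marketing": frozenset({
        ("cms", "view"), ("cms", "create"), ("cms", "edit"),
        ("google_analytics", "view"), ("google_ads", "edit"),
    }),
    "finance": frozenset({
        ("xero", "view"), ("xero", "edit"), ("billing", "view"),
    }),
    "hr": frozenset({
        ("personnel_files", "view"), ("personnel_files", "edit"),
        ("paycor", "view"),
    }),
    # Assumed broader role that a promoted finance user is moved into.
    "finance_manager": frozenset({
        ("xero", "view"), ("xero", "edit"), ("xero", "delete"),
        ("billing", "view"), ("billing", "edit"),
    }),
}

@dataclass
class User:
    name: str
    roles: set[str] = field(default_factory=set)

def is_allowed(user: User, app: str, action: str) -> bool:
    """Default deny: allowed only if some assigned role grants (app, action)."""
    # An unknown role grants nothing, so a typo in a role name cannot widen access.
    return any((app, action) in ROLES.get(role, frozenset()) for role in user.roles)

def effective_permissions(user: User) -> frozenset[Permission]:
    """Union of every permission granted by the user's roles (empty if none)."""
    return frozenset().union(*(ROLES.get(r, frozenset()) for r in user.roles))

def reassign_role(user: User, old: str, new: str) -> None:
    """Promotion as the article describes: swap roles, do not edit the old one."""
    if new not in ROLES:
        raise KeyError(f"unknown role: {new}")
    user.roles.discard(old)
    user.roles.add(new)
```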

Conclusion

Role-based access control is typically used when an organization has a well-defined user base. It enables organizations to allow or restrict system access based on a given employee’s duties and responsibilities.
