User roles and permissions examples

Published by Alex Olivier on March 11, 2024

Role-Based Access Control, or RBAC, is a way of enabling users to access the digital resources they need to perform their job. As the name implies, the system administrator creates roles that reflect the different responsibilities assigned to user groups, managerial levels and so on.

Each role is then assigned permissions that enable access to the system resources someone in that position or group would require to carry out their responsibilities. When a new person is hired, they are assigned one of these predefined roles. Custom roles may also be created that provide a degree of differentiation within a given user group.

Some typical examples of user roles and the permissions assigned to them

The following represent examples of user roles and their attendant permissions one might find in a given organization.

  • Admin: A user with this role will have full access to system resources. They will be able to add new users, modify global settings, assign and remove permissions and more. They are able to access all digital resources and determine who gets to see and do what.
  • Supervisor: Supervisors typically have wide-ranging access to system resources but they may not have permission to create new accounts, delete old accounts or modify global settings.
  • User: Users range from those who are able to view but not alter a limited amount of system content, to those who can view, edit, share, download, delete and otherwise manipulate the resources they have permission to access.

Common permissions

A user role is, in essence, a collection of permissions. Some common examples of permissions include:

  • Read: This is one of the most basic permissions and enables the user to read existing content without being able to alter it in any way.
  • Create: This enables a user to create a new piece of content that will become part of the company’s digital resources. Once created, the file becomes the property of the organization, not the person who created it.
  • Edit: This is another very common permission, which enables the user to make changes to existing resources. Typically, however, a user with edit privileges will only be able to edit specific files directly related to their job.
  • Delete: This enables the user to delete an organizational resource from the system. As is the case with editing, the ability to delete resources is typically limited to only those files or other resources directly related to the user’s job.
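
The roles and permissions above, expressed as a deny-by-default check. This is an added example, not code from the original article or from Cerbos. The "editor" and "viewer" roles (two ends of the User range), the system action names, and the use of a department to stand in for "directly related to their job" are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Scopes: GLOBAL applies to any resource, OWN_DEPT only to resources in the
# principal's own department (this example's stand-in for "related to their job").
GLOBAL, OWN_DEPT = "global", "own_department"
CONTENT = ("read", "create", "edit", "delete")
SYSTEM = ("create_account", "delete_account", "modify_global_settings")

# A role is a collection of permissions (action -> scope). Names are constructed.
ROLES = {
    "admin": {action: GLOBAL for action in CONTENT + SYSTEM},
    "supervisor": {action: GLOBAL for action in CONTENT},  # no SYSTEM actions
    "editor": {"read": GLOBAL, "create": OWN_DEPT, "edit": OWN_DEPT, "delete": OWN_DEPT},
    "viewer": {"read": OWN_DEPT},
}

@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    department: str

@dataclass(frozen=True)
class Resource:
    path: str
    department: str

def is_allowed(principal: Principal, action: str, resource: Optional[Resource] = None) -> bool:
    """Deny by default: unknown roles, ungranted actions and out-of-scope resources fail."""
    scope = ROLES.get(principal.role, {}).get(action)
    if scope is None:
        return False
    if scope == GLOBAL:
        return True
    # OWN_DEPT grants need a concrete resource in the principal's department.
    return resource is not None and resource.department == principal.department

# Constructed sample principals and resources.
ALICE = Principal("alice", "admin", "it")
SAM = Principal("sam", "supervisor", "finance")
EVE = Principal("eve", "editor", "finance")
VIC = Principal("vic", "viewer", "hr")
LEDGER = Resource("finance/ledger.xlsx", "finance")
HANDBOOK = Resource("hr/handbook.pdf", "hr")

if __name__ == "__main__":
    for who, action, res in [(ALICE, "modify_global_settings", None), (SAM, "create_account", None),
                             (EVE, "edit", LEDGER), (EVE, "delete", HANDBOOK), (VIC, "read", LEDGER)]:
        print(who.name, action, res.path if res else "-", is_allowed(who, action, res))
```

Because a missing role or action resolves to no scope at all, a principal whose role is not in the table is refused everything rather than falling through to a default grant.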