Home

RBAC

RBAC, or role-based access control, is an access control paradigm that restricts system access based on the roles assigned to users rather than the identities of individual users. In an RBAC model, roles encapsulate a set of permissions to perform operations on resources, and users gain those permissions by being assigned to appropriate roles. A user may also activate a subset of roles during a session to suit a task.

Key concepts include users, roles, permissions, and role assignments. Permissions describe actions on resources, such as

Role hierarchies enable permission inheritance, where higher-level roles accumulate the permissions of lower-level roles. SoD (separation

Administration involves defining roles, assigning permissions, provisioning users to roles, and periodically reviewing access. RBAC is

Benefits include scalable administration, clearer access control mappings to organizational structure, and improved compliance. Limitations include

read,
write,
or
delete.
A
role
represents
a
job
function
or
organizational
responsibility.
A
session
allows
a
user
to
select
which
of
their
roles
are
active.
Constraints,
such
as
separation
of
duties
or
cardinality
limits,
help
enforce
policy.
of
duties)
constraints
prevent
conflicting
responsibilities
from
being
performed
by
the
same
individual,
while
cardinality
and
delegation
constraints
govern
how
many
roles
a
user
may
hold
and
how
roles
may
be
shared.
widely
implemented
in
operating
systems,
databases,
enterprise
applications,
and
cloud
IAM
platforms.
It
supports
auditing
and
policy
enforcement
and
is
often
used
to
implement
principle
of
least
privilege
across
large
organizations.
role
explosion,
drift
between
roles
and
actual
privileges,
and
limited
support
for
dynamic,
context-dependent
access.
In
practice,
RBAC
is
frequently
used
in
combination
with
attribute-based
controls
to
handle
more
granular
or
contextual
requirements.