Role-Based Access Control

Why Trust Techopedia

What Does Role-Based Access Control Mean?

Role-based access control (RBAC) is a method of access security that is based on a person’s role within a business. Role-based access control is a way to provide security because it only allows employees to access information they need to do their jobs, while preventing them from accessing additional information that is not relevant to them. An employee’s role determines the permissions he or she is granted and ensures that lower level employees are not able to access sensitive information or perform high-level tasks.

Advertisements

Techopedia Explains Role-Based Access Control

In RBAC, there are three rules:

  1. A person must be assigned a certain role in order to conduct a certain action, called a transaction.
  2. A user needs a role authorization to be allowed to hold that role.
  3. Transaction authorization allows the user to perform certain transactions. The transaction has to be allowed to occur through the role membership. Users won’t be able to perform transactions other than the ones they are authorized for.

All access is controlled through roles that people are given, which is a set of permissions. An employee’s role determines what permissions he or she is granted. For example, a CEO will be given the role of CEO and have any permissions associated with that role, while network administrators will be given the role of network administrator and will have all the permissions associated with that role.

Advertisements

Related Terms

Margaret Rouse
Technology Expert
Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.