What is role-based access control?
Role-based access control, or RBAC, is an access-control method that places a user into a group sharing identical access levels to a system. With RBAC, the user already has an individual account on the system, but is also added to a group that has access to the same resources.
RBAC relates more to authorization rather than authentication. Authentication verifies the user's account on the system, usually with an identity credential, like a user ID and password. Authorization verifies what data the user is allowed to access after being authenticated.
If a user is authenticated and has access to the system, it doesn't necessarily mean that he or she has access to everything on it.
Groups are assigned based on the security needs of a business or organization. There is no cookie-cutter approach to RBAC. It has to be tailor-made for each system, but that's not necessarily a bad thing. You wouldn't want your marketing staff, for example, to have access to payroll information that should only be visible to, say, human resources. Nor would you want human resources to know about upcoming marketing promotions that should be kept under wraps. With RBAC, everyone, including human resources and marketing, would have their own individual accounts, but their accounts would be part of their respective groups.
When lumping accounts for RBAC, both Active Directory in Windows and LDAP in Unix can be used to create groups.
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.