Role-based access control (RBAC)

Role-based access control (RBAC) is a method of access security that is based on a person's role within a business. RBAC provides security because it allows employees to access only the information they need to do their jobs, while preventing them from accessing additional information that is not relevant to them. An employee's role determines the permissions he or she is granted, and this ensures that lower-level employees are not able to access sensitive information or perform high-level tasks.

In RBAC, there are three rules:

  1. A person must be assigned a certain role in order to conduct a certain action, called a transaction.
  2. A user needs a role authorization to be allowed to hold that role.
  3. Transaction authorization allows the user to perform certain transactions. The transaction has to be allowed to occur through the role membership. Users won’t be able to perform transactions other than the ones they are authorized for.

All access is controlled through the roles that people are given; each role is a set of permissions. An employee's role determines what permissions he or she is granted. For example, a CEO will be given the role of CEO and have all the permissions associated with that role, while network administrators will be given the role of network administrator and will have all the permissions associated with that role.
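The three rules above (role assignment, role authorization, and transaction authorization) can be made concrete with a small policy engine. The following is an added example, not code from the original article; the users, roles and transaction names are constructed sample data, and the function names (`activate_role`, `is_permitted`, `check_access`) are this example's own. It models the rules so that a user with no active role is denied everything, a user cannot activate a role they are not authorized to hold, and a transaction is permitted only when one of the user's active roles is authorized for it.

```python
from dataclasses import dataclass, field

# Constructed sample policy (not from the article): which transactions each role
# is authorized to perform (rule 3, transaction authorization).
ROLE_TRANSACTIONS: dict[str, set[str]] = {
    "network_admin": {"reset_password", "view_audit_log", "configure_firewall"},
    "help_desk": {"reset_password"},
    "ceo": {"view_financials", "approve_budget"},
}

# Constructed sample data: which roles each user is authorized to hold
# (rule 2, role authorization).
ROLE_AUTHORIZATIONS: dict[str, set[str]] = {
    "alice": {"network_admin"},
    "bob": {"help_desk"},
    "carol": {"ceo"},
}


@dataclass
class Session:
    """A logged-in user and the roles they have activated in this session."""
    user: str
    active_roles: set[str] = field(default_factory=set)


def activate_role(session: Session, role: str) -> bool:
    """Rule 2: a user may only hold a role they are authorized for.

    Returns True if the role was activated, False if the user is not
    authorized to hold it (unknown users are authorized for nothing).
    """
    if role not in ROLE_AUTHORIZATIONS.get(session.user, set()):
        return False
    session.active_roles.add(role)
    return True


def is_permitted(session: Session, transaction: str) -> bool:
    """Rules 1 and 3: the transaction is allowed only through role membership.

    A session with no active roles can perform nothing; otherwise some
    active role must list the transaction in its authorized set.
    """
    return any(
        transaction in ROLE_TRANSACTIONS.get(role, set())
        for role in session.active_roles
    )


def check_access(user: str, role: str, transaction: str) -> str:
    """Evaluate one request end to end and return an audit-friendly verdict.

    Useful for logging: the string says which rule denied the request.
    """
    session = Session(user)
    if not activate_role(session, role):
        return f"DENY: {user} is not authorized to hold role {role}"
    if not is_permitted(session, transaction):
        return f"DENY: role {role} is not authorized for {transaction}"
    return f"ALLOW: {user} as {role} may {transaction}"


if __name__ == "__main__":
    print(check_access("bob", "help_desk", "reset_password"))
    print(check_access("bob", "help_desk", "configure_firewall"))
    print(check_access("bob", "network_admin", "configure_firewall"))
    print(check_access("mallory", "ceo", "approve_budget"))
```

Permissions are never attached to users directly: granting or revoking access is done by changing role membership or a role's transaction set, which keeps the policy reviewable in one place and makes a denied request explainable by the rule that blocked it.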
