Role-Based Access Control (RBAC)

What is Role-Based Access Control?

Role-Based Access Control (RBAC) is a method of regulating access to resources based on the roles of individual users within an organization. Instead of assigning permissions directly to users, permissions are assigned to roles, and users are assigned to roles.

Core Concepts

Users: Individual accounts Roles: Named collections of permissions Permissions: Allowed actions on resources Sessions: User's active roles

RBAC Models

RBAC0 (Core)

• Users assigned to roles
• Roles have permissions
• Basic model

RBAC1 (Hierarchical)

• Role inheritance
• Senior roles inherit junior permissions
• Reduces redundancy

RBAC2 (Constrained)

• Separation of duties
• Cardinality constraints
• Prerequisite roles

RBAC3 (Consolidated)

• Combines RBAC1 and RBAC2
• Full feature set

Implementation Example

Role: Developer
  - Read: source code
  - Write: source code
  - Execute: CI/CD pipelines

Role: Security Admin
  - Read: security logs
  - Write: security policies
  - Execute: vulnerability scans

User: Alice
  - Roles: [Developer]

User: Bob
  - Roles: [Developer, Security Admin]

Benefits

• Simplified administration
• Reduced errors
• Compliance support
• Scalability
• Audit capability

RBAC vs. ABAC