Role-Based Access Control

Under an access control management approach called Role-Based Access Control (RBAC), permissions are defined in terms of roles that are assigned to users and privileges that are assigned to roles. RBAC offers administrative efficiency and the capability to intuitively administer and enforce a wide range of access control policies.

In RBAC, permissions are associated with roles and roles are assigned to users in order to grant user permissions corresponding to those roles. The implementation of this basic concept greatly simplifies access control management. Roles are centrally created for the various job functions in an organization, and users are assigned roles based on criteria such as their positions and job responsibilities. Users can be easily reassigned roles. Roles can be granted new permissions as new applications and systems are incorporated, and permissions can be revoked from roles as needed. For example, if a user moves to a new function within the organization, the user can be assigned to the new role and removed from the old one with associated privileges updated automatically. In the absence of RBAC, the user’s old privileges would have to be individually identified and revoked, and new privileges would have to be granted.

Although RBAC represents a clear improvement over simple table lookup models of the access control matrix (data structures such as access control lists), the RBAC model does not solve all access control and privilege management problems. Discovering and defining roles and mapping roles to enterprise resources and applications, commonly referred to as role engineering, are costly and difficult.

Ultimately, access control should be redefined and re-engineered from the ground up to reflect the increasing scale and complexity of networks and systems of systems. The goal should be a redefinition that preserves access control advancements while providing a generalized context to accommodate well-known and ad hoc access control policies, is easy to deploy and manage, and is safe in its configuration.