What is Role Based Access Control (RBAC)?

Role Based Access Control (RBAC) is a method for setting up authorization management within an organization. With this method, authorizations are not assigned on an individual basis but are based on RBAC roles, which are determined by an employee's department, position, location, cost center and possibly other attributes within the organization. These RBAC roles are generally recorded in an RBAC matrix.

Pyramid model

A good way of assigning authorizations and populating the RBAC matrix is to work in the form of a pyramid. At the peak of the pyramid is the organization itself, followed by the department, the position and finally the individual at ground level. The pyramid is populated from the top down: at the top level (organization and location) are the authorizations that apply to everyone in the organization, such as logging in, word processing and e-mail. This section can be completed almost immediately.

The authorizations for each department/position can then be added, for example access to departmental shares and applications. Here it is helpful to start with the fifty combinations of department and position that cover the most employees. The HRM system is an excellent source for determining these combinations.

Detailed authorizations

Assigning detailed authorizations can be performed on an ad-hoc basis by a manager, using a workflow for instance. The workflow sends an e-mail notification and/or a web form asking the appropriate manager which specific rights and applications their employees should have. The RBAC software can then record the choices the manager makes, and this information can be used to refine the RBAC table further, ultimately achieving a fully populated RBAC table.
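The pyramid model and the ad-hoc workflow above are, in practice, layers of one RBAC matrix. As an added example (not code from the original article or from any RBAC product), the Python below resolves an employee's effective authorizations by layering organization-wide, location, department and department/position rules with individually approved grants; it also produces the three checks an RBAC administrator populating such a matrix wants: the department/position combinations with the most employees (where to start), the combinations that no rule covers yet, and the individual grants shared by every member of a combination, which are candidates to be promoted into the matrix. All employees, departments, locations and authorization names are constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Employee:
    """One HRM record (constructed for this example)."""
    user: str
    department: str
    position: str
    location: str


# Constructed RBAC matrix, layered the way the pyramid describes. Each rule is
# a dict of attribute conditions and the set of authorizations it grants. An
# empty condition dict is the organization level and applies to everyone.
RBAC_MATRIX = [
    ({}, {"login", "word-processing", "e-mail"}),
    ({"location": "Amsterdam"}, {"share:amsterdam-office"}),
    ({"department": "Finance"}, {"share:finance", "app:ledger"}),
    ({"department": "Finance", "position": "Controller"}, {"app:ledger:approve"}),
    ({"department": "HR"}, {"share:hr", "app:hrm"}),
]

# Individual, manager-approved grants recorded by the workflow (constructed).
INDIVIDUAL_GRANTS = {
    "alice": {"app:expenses:admin"},
    "bob": {"app:expenses:admin"},
    "dave": {"app:expenses:admin"},
}

# Constructed HRM extract.
EMPLOYEES = [
    Employee("alice", "Finance", "Controller", "Amsterdam"),
    Employee("bob", "Finance", "Clerk", "Amsterdam"),
    Employee("carol", "HR", "Advisor", "Rotterdam"),
    Employee("dave", "Finance", "Clerk", "Rotterdam"),
    Employee("erin", "Sales", "Rep", "Rotterdam"),
]


def rule_matches(conditions, employee):
    """A rule applies when every attribute it names matches the employee."""
    return all(getattr(employee, attr) == value for attr, value in conditions.items())


def effective_authorizations(employee, matrix=RBAC_MATRIX, individual=INDIVIDUAL_GRANTS):
    """Union of every matching pyramid layer plus the employee's own grants."""
    auths = set()
    for conditions, grants in matrix:
        if rule_matches(conditions, employee):
            auths |= grants
    auths |= individual.get(employee.user, set())
    return auths


def is_authorized(employee, authorization):
    return authorization in effective_authorizations(employee)


def top_combinations(employees, n=50):
    """Department/position combinations by headcount: where to start filling the matrix."""
    counts = Counter((e.department, e.position) for e in employees)
    return counts.most_common(n)


def uncovered_combinations(employees, matrix=RBAC_MATRIX):
    """Combinations that no department- or department/position-level rule covers yet."""
    covered = set()
    for conditions, _ in matrix:
        if "department" in conditions:
            covered.add((conditions["department"], conditions.get("position")))
    uncovered = []
    for dept, pos in {(e.department, e.position) for e in employees}:
        if (dept, None) not in covered and (dept, pos) not in covered:
            uncovered.append((dept, pos))
    return sorted(uncovered)


def promotion_candidates(employees, individual=INDIVIDUAL_GRANTS, min_members=2):
    """Individual grants held by every member of a combination with at least
    min_members people: candidates to move from ad-hoc grants into the matrix."""
    members = defaultdict(list)
    for e in employees:
        members[(e.department, e.position)].append(e.user)
    candidates = {}
    for combo, users in members.items():
        if len(users) < min_members:
            continue
        shared = set.intersection(*(individual.get(u, set()) for u in users))
        if shared:
            candidates[combo] = shared
    return candidates


if __name__ == "__main__":
    for e in EMPLOYEES:
        print(e.user, sorted(effective_authorizations(e)))
    print("start with:", top_combinations(EMPLOYEES, 3))
    print("no rule yet:", uncovered_combinations(EMPLOYEES))
    print("promote to matrix:", promotion_candidates(EMPLOYEES))
```

Two design points carry over to any real RBAC implementation: authorizations only accumulate across layers (a lower layer never silently removes what the organization level granted, so a deny must be modelled explicitly if needed), and the promotion report is what turns the manager's ad-hoc decisions into matrix entries, shrinking the set of individual exceptions that have to be reviewed one by one.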