What is Role Based Access Control (RBAC)?
Role Based Access Control (RBAC) is commonly used within the Identity Governance and Administration (IGA) domain. The easiest way to define the term is to define what we mean by ‘Role’, ‘Access’ and ‘Control’.
What do we mean by ‘Role’?
The word ‘role’ can have various definitions and use cases. At ideiio, we want to simplify this. When we talk about roles, we’re talking about either the identity’s ‘category’ or its ‘job role’.
A category is a way of grouping together identities within your organization that have common access permissions regardless of job role, e.g. ‘contractors’, ‘permanent staff’, ‘students’ or ‘lecturers’.
A job role can describe a job function within an organization. The job function can be a set of skills or actions that an identity carries out, e.g. ‘business lecturer’, ‘consultant’, ‘asset finance controller’, ‘remote worker’ or ‘office worker’.
What do we mean by ‘Access’?
Put very simply – we mean giving people in your organization (e.g. staff, contractors, students) the capability to use the applications or tools they need to do their job.
The fancy buzzword we use for the tools or applications people need is ‘resources’.
Resources can be applications, Active Directory group memberships, hardware, user accounts or application entitlements that people within your organisation will need.
Entitlements are specific permissions within an application that, when assigned to a person, either grant them elevated privileges within the application or restrict what actions they can perform within it.
What do we mean by ‘Control’?
With ideiio you can control access by granting or removing it when needed – in other words, you can manage when, how or what access a person is given.
For example, when a person joins your organization, ideiio grants access to one or more resources the person requires based on their category; this is also known as a ‘birthright’. In the same way, ideiio grants resource access to a person based on their role/s.
ideiio constantly evaluates and manages what set of resources a person should have access to, based on the identity’s category and role/s.
When a person leaves, their access to resources would be removed, reducing security risks.
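The joiner, role-change and leaver cases described above can be sketched as a single reconciliation step. This is an added example, not ideiio's code: the policy tables, resource names and the Identity, entitled and reconcile names are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample policy (assumption): category "birthright" resources
# and the resources attached to each job role.
BIRTHRIGHTS = {
    "permanent staff": {"email", "intranet"},
    "contractors": {"email"},
}
ROLE_RESOURCES = {
    "asset finance controller": {"finance-app:approver"},
    "remote worker": {"vpn"},
    "office worker": {"door-badge"},
}

@dataclass
class Identity:
    name: str
    category: str
    roles: set = field(default_factory=set)
    active: bool = True                           # False once the person has left
    current: set = field(default_factory=set)     # resources held right now

def entitled(identity):
    """Resources policy says the identity should hold.

    Unknown categories or roles contribute nothing (deny by default),
    and a leaver is entitled to nothing.
    """
    if not identity.active:
        return set()
    resources = set(BIRTHRIGHTS.get(identity.category, set()))
    for role in identity.roles:
        resources |= ROLE_RESOURCES.get(role, set())
    return resources

def reconcile(identity):
    """Compare held access with policy; return (to_grant, to_revoke)."""
    target = entitled(identity)
    to_grant = target - identity.current
    to_revoke = identity.current - target
    identity.current = target
    return to_grant, to_revoke
```

Running reconcile after every change to category, roles or employment status is what keeps access from accumulating: a role dropped during a job move shows up in to_revoke instead of lingering.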
So what does RBAC actually mean without the buzzwords?
Put simply, RBAC is a process for controlling who has access to what in your organization.
The ‘who’ or ‘what’ is determined by the role the person has (category and job role/s).
So how does that relate to ideiio?
ideiio automates the RBAC process for your organisation in a simple and intuitive way.
This reduces the manual strain your organisation may have in managing identities’ access.
Do you have a helpful diagram? – YES WE DO
The diagram below demonstrates an example RBAC configuration.