Role-based access control, or RBAC, is an approach for restricting access to digital resources based on a user’s role in an organization. For instance, under RBAC, a company’s accountant should be able to access corporate financial records but not the content management system used to update the company’s website, while those permissions would be reversed for that company’s web development team.
Just about every organization enforces some kind of access controls on its digital assets—indeed, every operating system in use today has access controls built in. Access controls generally grant specific permissions to (and impose restrictions on) individual users or groups that those users might belong to. What distinguishes the RBAC model from other forms of access control is that the users are grouped together based on the roles they play, and permissions are determined primarily by those roles, rather than being tailored for each individual user. In this article, you’ll learn how RBAC works, and see the advantages and disadvantages of this approach.
More Stories
CISA Launches Playbook to Boost AI Cybersecurity Collaboration
CISA launched the JCDC AI Cybersecurity Playbook to enhance collaboration on AI cybersecurity risks Read More
Multi-Cloud Adoption Surges Amid Rising Security Concerns
A new report from Fortinet reveals increased adoption of multi-cloud strategies and hybrid implementations combining on-premises and public cloud infrastructure...
Chinese PlugX Malware Deleted in Global Law Enforcement Operation
The FBI deleted Chinese PlugX malware from thousands of devices in the US, using a technique developed by French cybersecurity...
Illicit Crypto-Inflows Set to Top $51bn in a Year
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 Read More
Phishing False Alarm
A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to...
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation Read More