Role-Based Access Control (RBAC)

This feature is currently available only to customers participating in a private preview. If you'd like to be among the first to try this feature, ask our support or account team for details.

Role-Based Access Control (RBAC) is a foundational element of Identity Governance and Administration (IGA), associating an identity’s role (for example: student, administrator, auditor) with their permissions or levels of access to an organization’s IT systems, software, and data.

Roles group specific resources (applications) and entitlements to simplify and standardize access management.

Example: A writing application may have a "Writer" role that allows users to edit and delete articles and a "Reader" role that only allows users to read articles.

By grouping resources and entitlements into roles, RBAC streamlines the access assignment process, making it easier to provision, manage, and revoke access as users join, move within, or leave the organization.

Scenarios without RBAC

Working without RBAC might be acceptable for a small organization, but it can rapidly get out of hand and cause administrative challenges.

Consider a scenario where there are no roles defined. When a request for a new account comes in, the person creating the account must decide what level and type of access to grant, perhaps by:

  • asking the new user’s manager (in the hope that they know)

  • granting the same access as someone else in the same department or with the same job (though you don’t know if that person has the right level of access)

  • giving them access to everything (which happens more than you might think)

None of these approaches is ideal, and each can quickly lead to access sprawl, creating significant problems with:

  • Security — because users may have more access than they need, and administrators have no real way of knowing.

  • Efficiency — because time and effort are expended trying to determine what access to provide and what access someone actually has (for mandatory audits).

RBAC enables you to understand the varied access requirements across your organization, and helps prevent access from becoming a "free for all."

Benefits of RBAC

An RBAC-based approach to access offers many advantages, including eliminating guesswork when making access decisions.  

A well-defined RBAC model will specify exactly what level of access each role within the organization should have. The IT administrator doesn’t need to know all the details — only which role the user has, and the rest will follow automatically. 

Even better, you can synchronize role information from an authoritative source, which automates the whole process end-to-end. If your HR system is the authoritative source, you can synchronize an identity’s job role from HR and map it to a role in RBAC.

Example: a new user is created in the HR system with a job role of ‘Financial Controller’ and they are automatically granted appropriate access to QuickBooks and Salesforce.
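
The HR-to-role mapping described above, as an added sketch that is not the product's own code: it resolves an HR job role to an RBAC role, then computes what to grant and what to revoke so an identity holds exactly what its role allows. The role identifiers, the "Staff Writer" and "Subscriber" job roles, the "access" entitlement level and the record fields are assumptions made for illustration.

```python
# Constructed role model. Only "Financial Controller", QuickBooks, Salesforce and
# the Writer/Reader permissions come from the page; all other names are assumptions.
ROLE_ENTITLEMENTS = {
    "finance-controller": {("QuickBooks", "access"), ("Salesforce", "access")},
    "writer": {("Articles", "edit"), ("Articles", "delete")},
    "reader": {("Articles", "read")},
}

# Hypothetical mapping from HR job roles (authoritative source) to RBAC roles.
JOB_ROLE_TO_RBAC_ROLE = {
    "Financial Controller": "finance-controller",
    "Staff Writer": "writer",
    "Subscriber": "reader",
}


def entitlements_for(job_role):
    """Resolve HR job role -> RBAC role -> entitlements.

    An unmapped job role resolves to no access rather than a default grant.
    """
    rbac_role = JOB_ROLE_TO_RBAC_ROLE.get(job_role)
    return set(ROLE_ENTITLEMENTS.get(rbac_role, ()))


def plan_changes(hr_record, current_access):
    """Return (grant, revoke) so the identity holds exactly what its role allows."""
    if hr_record["active"]:
        target = entitlements_for(hr_record["job_role"])
    else:
        target = set()  # leaver: everything is revoked
    current = set(current_access)
    return target - current, current - target


if __name__ == "__main__":
    # Constructed HR records: a joiner, a mover carrying old access, a leaver.
    cases = [
        ({"job_role": "Financial Controller", "active": True}, set()),
        ({"job_role": "Subscriber", "active": True},
         {("Articles", "edit"), ("Articles", "delete")}),
        ({"job_role": "Staff Writer", "active": False}, {("Articles", "edit")}),
    ]
    for record, access in cases:
        grant, revoke = plan_changes(record, access)
        print(record["job_role"], "grant:", sorted(grant), "revoke:", sorted(revoke))
```

The revoke set is what keeps movers and leavers from accumulating access: anything held that the current role does not include is flagged for removal.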