Role-Based Access Control (RBAC) assigns permissions to roles rather than individual users. A “Finance Analyst” role has access to financial systems, and anyone assigned that role inherits those permissions. When someone changes jobs, administrators modify role assignments rather than individual permissions.
RBAC simplifies access management in large organizations. Instead of managing permissions for thousands of individuals, administrators define roles based on job functions and assign users appropriately. This reduces errors, eases auditing (reviewing a handful of role definitions instead of every user's entitlements), and keeps access consistent with responsibilities. The benefit holds only while roles stay narrow and current: letting permissions accumulate on a role, or creating a new role for every exception, erodes least privilege.
CISSP Relevance
RBAC is a key topic in Domain 5 (Identity and Access Management). Understand how RBAC differs from DAC, MAC, and ABAC. Exam scenarios often ask which model fits a given organizational requirement. Know the Core RBAC components: users, roles, permissions (operations on objects), and sessions in which a user activates a subset of their assigned roles; the fuller model adds role hierarchies and separation-of-duty constraints.
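The job-change scenario from the opening paragraphs and the Core RBAC components listed above, worked through as an added example (this is not code from the page or from NIST; the roles, users and objects are constructed, and the class and method names are this example's own). The point it shows beyond the prose: a session may activate only roles the user actually holds, and deassigning a role must also strip it from the user's open sessions, or the old job's access survives until the next logout.

```python
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    """A permission is an approved operation on an object (Core RBAC)."""
    operation: str
    obj: str


class RBAC:
    """Core RBAC: users are assigned roles, roles hold permissions, and a
    session activates a subset of the user's roles.  Constructed example."""

    def __init__(self) -> None:
        self.role_perms: dict[str, set[Permission]] = {}
        self.user_roles: dict[str, set[str]] = {}
        # session id -> (user, roles active in that session)
        self.sessions: dict[str, tuple[str, set[str]]] = {}

    def add_role(self, role: str) -> None:
        self.role_perms.setdefault(role, set())

    def grant(self, role: str, operation: str, obj: str) -> None:
        """Attach a permission to a role; users never get permissions directly."""
        self.role_perms[role].add(Permission(operation, obj))

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def deassign(self, user: str, role: str) -> None:
        """Remove a role from a user and from every session the user has open,
        so a revoked role cannot keep working through an existing login."""
        self.user_roles.get(user, set()).discard(role)
        for owner, active in self.sessions.values():
            if owner == user:
                active.discard(role)

    def create_session(self, sid: str, user: str, roles: set[str] | None = None) -> None:
        """Activate a subset of the user's assigned roles (all of them by default)."""
        assigned = self.user_roles.get(user, set())
        active = set(assigned) if roles is None else set(roles)
        if not active <= assigned:
            raise PermissionError(f"{user} may not activate {sorted(active - assigned)}")
        self.sessions[sid] = (user, active)

    def check_access(self, sid: str, operation: str, obj: str) -> bool:
        """Allow if any role active in the session carries the permission."""
        _, active = self.sessions[sid]
        wanted = Permission(operation, obj)
        return any(wanted in self.role_perms[r] for r in active)

    def user_permissions(self, user: str) -> set[Permission]:
        """Effective permissions for audit: the union over the user's assigned roles."""
        return set().union(*(self.role_perms[r] for r in self.user_roles.get(user, set())))


def job_change_demo() -> dict[str, bool]:
    """Alice moves from Finance Analyst to HR Specialist; only role assignments change."""
    ac = RBAC()
    for role in ("FinanceAnalyst", "HRSpecialist"):
        ac.add_role(role)
    ac.grant("FinanceAnalyst", "read", "ledger")
    ac.grant("FinanceAnalyst", "post", "journal")
    ac.grant("HRSpecialist", "read", "personnel")

    ac.assign("alice", "FinanceAnalyst")
    ac.create_session("s1", "alice")
    ledger_before = ac.check_access("s1", "read", "ledger")

    # Job change: the administrator touches role assignments, not permissions.
    ac.deassign("alice", "FinanceAnalyst")
    ac.assign("alice", "HRSpecialist")
    ledger_after = ac.check_access("s1", "read", "ledger")   # gone from the open session too
    ac.create_session("s2", "alice")
    personnel_after = ac.check_access("s2", "read", "personnel")

    # A session may only activate roles the user is assigned.
    try:
        ac.create_session("s3", "alice", {"FinanceAnalyst"})
        over_activation_blocked = False
    except PermissionError:
        over_activation_blocked = True

    return {
        "ledger_before": ledger_before,
        "ledger_after": ledger_after,
        "personnel_after": personnel_after,
        "over_activation_blocked": over_activation_blocked,
    }


if __name__ == "__main__":
    print(job_change_demo())
```

`user_permissions` is the view an auditor wants: it answers "what can this person do" without walking every object's ACL, which is the auditing advantage the page attributes to RBAC.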
The foundational standard is the NIST RBAC model, later adopted as ANSI/INCITS 359 (first published in 2004), which defines the Core, Hierarchical and Constrained RBAC levels.
Related terms: Access Control, Least Privilege