What Is RBAC?
Role-Based Access Control
RBAC (Role-Based Access Control) assigns permissions to roles, then assigns roles to users. Instead of granting individual permissions to each user, you define roles (admin, editor, viewer) with specific permissions, and assign users to roles. It simplifies permission management at scale.
How RBAC Works
Define roles: Admin (full access), Editor (create/edit content), Viewer (read only). Assign: Alice → Admin, Bob → Editor. When Bob tries to delete content, the system checks his role's permissions — Editor can't delete, so the request is denied. Change Bob to Admin to grant delete access.
Key Concepts
- Roles: named groups of permissions (e.g. Admin, Editor, Viewer, Moderator)
- Permissions: specific actions on resources (e.g. create:post, edit:post, delete:post, read:post)
- Role Assignment: the mapping of users to roles; a user can hold multiple roles
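The Alice/Bob walk-through above and the key concepts (roles as named permission sets, users holding one or more roles, deny unless a role grants the action), as a small Python policy check. This is an added example, not code from the page; the lowercase role names, the `action:resource` permission strings, the unknown-user handling and the function names are assumptions.

```python
# Minimal RBAC check (added illustration, not the page's own code).
# Roles hold permissions; users hold roles; a request is allowed only if
# some role the user holds contains the requested "action:resource".
from typing import Dict, Set

# Roles -> permissions, using the page's action:resource convention.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "admin": {"create:post", "read:post", "edit:post", "delete:post"},
    "editor": {"create:post", "read:post", "edit:post"},
    "viewer": {"read:post"},
}

# Users -> roles (constructed sample data; a user may hold several roles).
USER_ROLES: Dict[str, Set[str]] = {
    "alice": {"admin"},
    "bob": {"editor"},
}


def effective_permissions(user: str) -> Set[str]:
    """Union of the permissions of every role the user holds.
    Unknown users and unknown roles contribute nothing, so the
    default answer for anything not explicitly granted is deny."""
    perms: Set[str] = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user: str, action: str, resource: str) -> bool:
    """Authorization check performed at request time."""
    return f"{action}:{resource}" in effective_permissions(user)


def assign_role(user: str, role: str) -> None:
    """Change what a user may do by changing roles, not permissions."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    USER_ROLES.setdefault(user, set()).add(role)


def revoke_role(user: str, role: str) -> None:
    """Remove a role; permissions granted only by it disappear with it."""
    USER_ROLES.get(user, set()).discard(role)


if __name__ == "__main__":
    print(is_allowed("bob", "delete", "post"))  # False: Editor cannot delete
    assign_role("bob", "admin")
    print(is_allowed("bob", "delete", "post"))  # True after promotion
```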
Frequently Asked Questions
RBAC vs ABAC?
RBAC is simpler: permissions based on roles. ABAC is more flexible: permissions based on any attribute (time, location, resource owner). Start with RBAC; move to ABAC if you need fine-grained, context-aware policies.