The Identity Blog

Everything you need to know about Role Based Access Control (RBAC)

The Identity Governance and Administration (IGA) domain commonly uses Role-Based Access Control (RBAC). To define this term, it is important to first understand what is meant by ‘Role’, ‘Access’, and ‘Control’.

So, what exactly is meant by ‘Role’?

The term ‘Role’ can have multiple definitions and applications. However, at 1Trooper, we aim to simplify its meaning. When we refer to roles, we are usually referring to either an identity’s ‘category’ or ‘job role’.

A category is a method of grouping identities within an organization that share common access permissions, irrespective of their job roles. For example, categories could include ‘Contractors’, ‘Permanent staff’, ‘Students’, or ‘Lecturers’.

On the other hand, a job role refers to a specific job function within an organization. This job function could comprise a particular set of skills or actions an identity performs. Examples of job roles could be ‘Business lecturer’, ‘Consultant’, ‘Asset finance controller’, ‘Remote worker’, or ‘Office worker’.

What is meant by the term ‘Access’?

In simple terms, ‘Access’ refers to providing individuals within your organization, such as staff, contractors, or students, with the ability to use the necessary applications or tools to perform their duties.

In technical jargon, the applications or tools required are referred to as ‘resources’. These resources can include applications, hardware, user accounts, Active Directory group memberships, or application entitlements.

Application entitlements, in particular, are specific permissions within an application that, when assigned to an individual, grant them elevated privileges within the application or restrict their actions within it.

What is meant by the term ‘Control’?

Through 1Trooper, it is possible to manage access by granting or revoking it as necessary. This means that you can regulate when, how, or what type of access an individual is provided.

For instance, when someone joins your organization, 1Trooper automatically grants access to the resources they require, based on their category or job role. This is referred to as a ‘Birthright’. Similarly, access to resources is also granted based on an individual’s job role.

1Trooper consistently assesses and regulates the set of resources that an individual should have access to, based on their category and job roles. When an individual leaves the organization, their access to resources is revoked to reduce security risks.
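
The joiner, reassessment, and leaver behaviour described above can be sketched as a reconciliation between role-derived entitlements and the access an identity currently holds. This is an added example, not 1Trooper code; the resource names, mappings, and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed role-to-resource mappings (hypothetical resource names).
CATEGORY_RESOURCES = {
    "Permanent staff": {"ad:staff-all", "app:email", "app:hr-portal"},
    "Contractors": {"ad:contractors", "app:email"},
}
JOB_ROLE_RESOURCES = {
    "Asset finance controller": {"app:finance", "app:finance:approve-payments"},
    "Remote worker": {"app:vpn"},
}

@dataclass
class Identity:
    name: str
    category: str
    job_roles: set = field(default_factory=set)
    active: bool = True  # set to False when the person leaves

def entitled(identity):
    """Resources the identity should hold, derived only from its roles."""
    if not identity.active:
        return set()  # leavers are entitled to nothing
    # Unknown categories or job roles map to no resources (fail closed).
    resources = set(CATEGORY_RESOURCES.get(identity.category, set()))
    for role in identity.job_roles:
        resources |= JOB_ROLE_RESOURCES.get(role, set())
    return resources

def reconcile(identity, current):
    """Return (grant, revoke) that bring current access in line with roles."""
    target = entitled(identity)
    return target - current, current - target

if __name__ == "__main__":
    alice = Identity("alice", "Permanent staff", {"Asset finance controller"})
    held = set()
    grant, revoke = reconcile(alice, held)      # joiner: birthright access
    held = (held | grant) - revoke
    alice.job_roles = {"Remote worker"}         # job role changes
    held.add("app:crm")                         # access granted outside any role
    grant, revoke = reconcile(alice, held)
    print("grant:", sorted(grant), "revoke:", sorted(revoke))
    alice.active = False                        # leaver: everything is revoked
    print("leaver revoke:", sorted(reconcile(alice, held)[1]))
```

Because the target set is computed from roles alone, access that was granted outside any role shows up in the revoke set on the next reassessment.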

What does RBAC mean without the buzzwords?

In simple words, RBAC is a process that controls who has access to what in the organization. The ‘Who’ and the ‘What’ are determined by the role that an individual has, i.e., the category and job role.

How does this relate to 1Trooper?

1Trooper simplifies and automates the RBAC process for your organization, making it more intuitive and user-friendly. This helps to minimize the manual effort required to manage access for the identities within your organization.


