Role-Based Access Control (RBAC)
An administrator is responsible for granting and revoking user access to your account and configuring system settings. The settings determine the system's behavior and what options are available to your users.
Role-Based Access Control (RBAC) is a dynamic mechanism used to grant or revoke user access to an application. It allows administrators to define roles and associated permissions within the application, determining what actions users are authorized to perform.
Roles are a convenient way to manage user access without modifying individual user permissions. Instead, users are assigned to specific roles, and their access privileges are determined by those roles. When a person leaves a position or changes roles within the organization, their access can be easily modified by adding them to or removing them from the corresponding role group.
It is important to distinguish between system roles and organizational roles:
Organizational Roles: Organizational roles correspond to the physical roles or responsibilities that individuals hold within the company. Examples of organizational roles could include Account Manager, Truck Driver, Fisheries Officer, License Manager, and so on. These roles are associated with the person's job function or position within the organization.
System Roles: System roles, on the other hand, are used to manage user permissions within the application or databases. They define users' specific access rights and privileges within the system. System roles are tied to the functionalities and features of the application, determining what actions users can perform.
Within RBAC, users can be assigned one or more system roles that define their access permissions. For example, one user may have a system role that grants the ability to write and edit certain files, while another may have a system role that only allows reading those files, without editing permissions.
For example, a person with the organizational role "Vessel Manager" is responsible for managing and maintaining the organization's vessel registry. By design, the company has decided to grant the Vessel Manager a system role that provides full access to the vessel registry. This means the Vessel Manager can create, modify, and delete vessel records within the application.
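The mapping from organizational roles to system roles described above can be modeled as follows. This is an added example, not code from the application this page documents: the system role names, the permission tuples, the read-only grant for Fisheries Officer, and the helper functions are all assumptions made for illustration.

```python
# Added example. Only "Vessel Manager", "Fisheries Officer" and the vessel
# registry come from the text; every other name here is an assumption.
from dataclasses import dataclass, field

# System roles: sets of (resource, action) permissions inside the application.
SYSTEM_ROLES = {
    "vessel_registry_full": {("vessel_registry", a)
                             for a in ("read", "create", "modify", "delete")},
    "vessel_registry_read": {("vessel_registry", "read")},
}

# Organizational roles (job functions) and the system roles each one is granted.
# The read-only grant for Fisheries Officer is assumed for illustration.
ORG_ROLE_GRANTS = {
    "Vessel Manager": {"vessel_registry_full"},
    "Fisheries Officer": {"vessel_registry_read"},
}

@dataclass
class User:
    name: str
    org_roles: set = field(default_factory=set)
    system_roles: set = field(default_factory=set)  # assigned directly

def effective_permissions(user):
    """Union of permissions from every system role the user holds."""
    roles = set(user.system_roles)
    for org_role in user.org_roles:
        # An unknown organizational role grants nothing (deny by default).
        roles |= ORG_ROLE_GRANTS.get(org_role, set())
    perms = set()
    for role in roles:
        perms |= SYSTEM_ROLES.get(role, set())
    return perms

def is_allowed(user, resource, action):
    return (resource, action) in effective_permissions(user)

def change_position(user, old_role, new_role):
    """Move a user between organizational roles; access follows the role."""
    user.org_roles.discard(old_role)
    user.org_roles.add(new_role)

if __name__ == "__main__":
    alice = User("alice", org_roles={"Vessel Manager"})
    print(is_allowed(alice, "vessel_registry", "delete"))
    change_position(alice, "Vessel Manager", "Fisheries Officer")
    print(is_allowed(alice, "vessel_registry", "delete"))
```

Because no permission is stored on the user record itself, moving a person out of the Vessel Manager role removes the delete right without any per-user cleanup.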
RBAC provides a flexible and scalable approach to managing user access by aligning permissions with predefined roles, simplifying administration, and ensuring appropriate access controls within the application.