top of page


RBAC stands for role based access control. This is a security protocol which is commonly used in large organizations. The key concept is that permission to perform operations and access to objects are assigned to specific roles, rather than individuals. Users are not assigned permissions directly. The right to a particular role must be authorized for an individual user.

Flat RBAC allows a user to have the permissions of multiple roles. Hierarchical RBAC incorporates Flat RBAC, and allows for one role to be inherited from another role. Constrained RBAC incorporates hierarchical RBAC, but separates duties - more than one person is required to complete a task. Symmetric RBAC involves permission role review - an admin must periodically adjust permissions.

The National Institute of Standards and Technology (NIST) has established a national RBAC standard, depicted in the below diagram.

bottom of page