CS 3306 01 Written Assignment Unit 4
According to an article published on IBM’s website by Lindemulder and Kosinski (2024), titled
“What is role-based access control (RBAC)?”, role-based access control (RBAC) is an access
control model used to authorize end users’ access to systems or assets that need strict supervision
and access control, such as the most critical system applications, database infrastructure, and highly
sensitive data, all based on the end user’s predefined role and the scope of that role.
The role-based access control model is well known and is preferred most of the time over
other access control systems, mainly because of its strict regulations and how it limits access
to certain assets, privileges, or parts of a system or infrastructure based on the role of the entity in
They went on to clarify in their article that large organizations with many employees often use
RBAC to simplify access management and maintain information security for digital resources.
This has also led some businesses to use RBAC to grant security clearance for physical assets
such as electronic locks on buildings, offices, and data centers (Lindemulder & Kosinski, 2024).
By restricting users’ access to the resources needed for their roles, RBAC can help defend against
malicious insiders, negligent employees, and external threat actors (Lindemulder & Kosinski,
2024).
Some examples of RBAC designations as used in today’s workspace and organizational settings
Management Role Scope: It is a type of RBAC designation that limits the access a role or role
Management Role: The type of task that can be performed by a given role group.
What are the benefits of RBAC? Some of them are discussed in the section below.
BENEFITS OF RBAC
or company to reduce the need for paperwork and password changes whenever an
employee is hired or has a change in role (Digital Guardian, 2018). This allows them to
focus their resources on tasks that truly matter, and to reduce the burden on their
administrative section.
operational efficiency by giving it the tools to align the roles of its employees or entities
in the organization to the business structure it is based on, allowing it to do its job more
and regulatory requirements for privacy and confidentiality, making sure that user data is
accessed with the most care, and is protected from threats both internally and externally
Role-based access control is one of many access control systems currently available to
organizations and companies alike; another is label-based access control (LBAC).
However, there are some reasons why role-based access control seems to be the most preferred
RBAC removes the necessity to assign each individual user a tailored set of user permissions.
Rather, established RBAC roles dictate access rights (Lindemulder & Kosinski, 2024). This
method simplifies the process for organizations to onboard or offboard employees, adjust job
Secondly, adopting RBAC helps businesses adhere to data protection regulations,
including requirements that pertain to financial services and healthcare entities (Lindemulder &
Kosinski, 2024). RBAC offers clarity for regulators about who is accessing or altering sensitive
information, when this is happening, and how it is being done (Lindemulder & Kosinski, 2024).
Finally, RBAC policies aid in mitigating cybersecurity risks by applying the principle of least
privilege (PoLP) (Lindemulder & Kosinski, 2024). This provides users access to only the
essential permissions needed to accomplish a task or perform job duties (Lindemulder &
Kosinski, 2024). For instance, a junior developer may have the authorization to edit an app’s
source code but cannot implement changes without obtaining a supervisor’s consent. Therefore,
data loss and deliberate data breaches (Lindemulder & Kosinski, 2024).
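The junior developer case above can be sketched in code. This is an added example, not taken from the cited article; the role names, permission strings, users, and the rule that an approver must be a different person are all assumptions made for illustration.

```python
from datetime import datetime, timezone

# Constructed role-to-permission map (names are assumptions for this example).
ROLE_PERMISSIONS = {
    "junior_developer": {"source:edit"},
    "supervisor": {"source:edit", "change:approve"},
}
# Constructed user-to-role assignments; onboarding, offboarding, or a job
# change edits only this map, never a per-user permission list.
USER_ROLES = {"alice": {"junior_developer"}, "bob": {"supervisor"}}

AUDIT_LOG = []  # who attempted what, when, and the decision


def permissions_of(user):
    """Union of the permissions granted by every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """Deny by default: unknown users or roles hold no permissions."""
    allowed = permission in permissions_of(user)
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "permission": permission, "allowed": allowed,
    })
    return allowed


def implement_change(author, approver=None):
    """Implement a change only if the author may edit the source and a
    different user holding 'change:approve' has consented."""
    if not is_allowed(author, "source:edit"):
        return "denied: author may not edit source"
    # Assumption of this example: self-approval is never accepted.
    if approver is None or approver == author:
        return "denied: approval from another user required"
    if not is_allowed(approver, "change:approve"):
        return "denied: approver lacks approval permission"
    return "implemented"


if __name__ == "__main__":
    print(implement_change("alice"))         # denied, no approver
    print(implement_change("alice", "bob"))  # implemented
    print(len(AUDIT_LOG), "audit entries recorded")
```

Every decision, granted or denied, is appended to the audit log, which gives the record of who accessed what and when that the regulatory point above relies on.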
CONCLUSION
In conclusion, role-based access control is very effective in managing access to assets and
different parts of a system, and it is one of the best security infrastructures for fighting insider
threats. By limiting the level of access that individuals or entities have within an organization or
company, the infrastructure can be protected on a deeper level of trust, and any problem
that arises can be easily traced and mitigated before widespread damage is done.
Reference:
Lindemulder, G., & Kosinski, M. (2024, December 2). What is role-based access control
(RBAC)? https://www.ibm.com/think/topics/rbac
Digital Guardian. (2018, August 20). What is Role-Based Access Control (RBAC)? Examples,
examples-benefits-and-more