
CS 3306 01 Written Assignment Unit 4

Provides answers to unit 4 written assignment.

Uploaded by

Nel Matrix

Written Assignment Unit 4

University of the People

Department of Computer Science

CS 3306-01 - DATABASE 2 - AY2025-T2

Dr. Brian Stevens (Instructor)

December 5th, 2024


ROLE-BASED ACCESS CONTROL (RBAC)

According to an article published on IBM’s website by Lindemulder and Kosinski (2024), titled “What is role-based access control (RBAC)?”, role-based access control (RBAC) is a model used to authorize end-user access to systems or assets that need strict supervision and access control, such as critical system applications, database infrastructure, and highly sensitive data, all based on the end user’s predefined role and the scope of that role.

The role-based access control model is widely known and is preferred most of the time over other access control systems, mainly because of its strict regulations and the way it limits access to certain assets, privileges, or parts of a system or infrastructure based on the role of the entity in question (an employee, a user, or even a component of a fully coordinated system).

They went on to clarify in their article that large organizations with many employees often use RBAC to simplify access management and maintain information security for digital resources. This has led some businesses to also use RBAC to grant security clearance for physical assets such as electronic locks on buildings, offices, and data centers (Lindemulder & Kosinski, 2024). By restricting users’ access to the resources needed for their roles, RBAC can help defend against malicious insiders, negligent employees, and external threat actors (Lindemulder & Kosinski, 2024).

Some examples of RBAC designations as used in today’s workspace and organizational settings are described below, as presented in an article published by Digital Guardian (2018):

Management Role Scope: It is a type of RBAC designation that limits the access a role or role group has over an asset.


Management Role Group: It allows the addition or removal of members from a given role group.

Management Role: The type of task that can be performed by a given role group.

Management Role Assignment: It links a role to a given role group.

What are the benefits of RBAC? Some of them are discussed in the section below.

BENEFITS OF RBAC

1. Reducing administrative work and IT support: RBAC allows an organization, enterprise, or company to reduce the need for paperwork and password changes whenever an employee is hired or has a change in role (Digital Guardian, 2018). This allows them to focus their resources on tasks that truly matter, and to reduce the burden on their administrative section.

2. Maximizing operational efficiency: RBAC allows an organization to maximize its operational efficiency by giving it the tools to align the roles of its employees or entities in the organization to the business structure it is based on, allowing it to do its job more efficiently and autonomously (Digital Guardian, 2018).

3. Improving compliance: RBAC allows companies and organizations to meet statutory and regulatory requirements for privacy and confidentiality, making sure that user data is accessed with the most care and is protected from threats both internally and externally (Digital Guardian, 2018).


DIFFERENCES BETWEEN RBAC AND OTHER ACCESS CONTROL LIKE LBAC

Role-based access control is one of many access control systems currently available for use by organizations and companies alike, another of which is label-based access control (LBAC). However, there are some reasons why role-based access control seems to be the most preferred one among them all.

RBAC removes the necessity to assign each individual user a tailored set of user permissions. Rather, established RBAC roles dictate access rights (Lindemulder & Kosinski, 2024). This method simplifies the process for organizations to onboard or offboard employees, adjust job responsibilities, and change business operations (Lindemulder & Kosinski, 2024).

Secondly, adopting RBAC also helps businesses adhere to data protection regulations, including requirements that pertain to financial services and healthcare entities (Lindemulder & Kosinski, 2024). RBAC offers clarity for regulators about who is accessing or altering sensitive information, when this is happening, and how it is being done (Lindemulder & Kosinski, 2024).

Finally, RBAC policies aid in mitigating cybersecurity risks by applying the principle of least privilege (PoLP) (Lindemulder & Kosinski, 2024). This provides users access to only the essential permissions needed to accomplish a task or perform job duties (Lindemulder & Kosinski, 2024). For instance, a junior developer may have the authorization to edit an app’s source code but cannot implement changes without obtaining a supervisor’s consent. Therefore, by restricting access to confidential information, RBAC assists in avoiding both unintentional data loss and deliberate data breaches (Lindemulder & Kosinski, 2024).
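
The four designations listed earlier (role, role group, role scope, role assignment) and the junior-developer case above can be modelled in a few lines. This is an added example, not part of the original assignment or its sources; the role names, group names, asset names, and users (`ana`, `sam`) are constructed for illustration.

```python
from dataclasses import dataclass

# Management role: the tasks a role permits (constructed names).
ROLES = {
    "developer": {"source:edit"},
    "release_manager": {"source:edit", "release:deploy"},
}

@dataclass(frozen=True)
class RoleAssignment:
    """Links a role to a role group; scope limits the assets it covers."""
    role: str
    group: str
    scope: frozenset

class Rbac:
    def __init__(self):
        self.groups = {}        # role group name -> set of member names
        self.assignments = []   # list of RoleAssignment
        self.audit = []         # (user, permission, asset, allowed)

    def assign(self, role, group, scope):
        if role not in ROLES:
            raise ValueError(f"unknown role: {role}")
        self.groups.setdefault(group, set())
        self.assignments.append(RoleAssignment(role, group, frozenset(scope)))

    def add_member(self, group, user):
        self.groups[group].add(user)

    def remove_member(self, group, user):
        self.groups[group].discard(user)

    def is_allowed(self, user, permission, asset):
        """Default deny; every decision is written to the audit trail."""
        allowed = any(
            user in self.groups[a.group]
            and permission in ROLES[a.role]
            and asset in a.scope
            for a in self.assignments
        )
        self.audit.append((user, permission, asset, allowed))
        return allowed

def build_example():
    """Constructed organisation: one junior developer, one supervisor."""
    rbac = Rbac()
    rbac.assign("developer", "junior-devs", {"billing-app"})
    rbac.assign("release_manager", "supervisors", {"billing-app"})
    rbac.add_member("junior-devs", "ana")
    rbac.add_member("supervisors", "sam")
    return rbac
```

A role change or offboarding is a single membership change in a role group; no per-user permission is ever edited, and the audit list records who attempted what and whether it was allowed.
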

CONCLUSION

In conclusion, role-based access control is very effective in managing access to assets and different parts of a system, and it is one of the best security infrastructures for fighting insider threats. By limiting the level of access that individuals or entities have within an organization or company, the infrastructure can be protected on a deeper level of trust, and any problem that arises can be easily traced and mitigated before widespread damage is done.

Reference:

Lindemulder, G., & Kosinski, M. (2024, December 2). What is role-based access control (RBAC)? https://www.ibm.com/think/topics/rbac

Digital Guardian. (2018, August 20). What is Role-Based Access Control (RBAC)? Examples, Benefits, and More. https://www.digitalguardian.com/blog/what-role-based-access-control-rbac-examples-benefits-and-more
