Role-Based Access Control (RBAC)

3rd March 2021 | Cybrary Role-Based Access Control (RBAC)


rbac cyber term

Role-Based Access Control (RBAC) is a strategy of limiting network access based on the roles of individual users within a business. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. An employee’s role in an organization defines the permissions an individual is given and ensures that lower-level employees can’t access sensitive information or perform high-level tasks that could put the company at risk. 

In role-based access control, the roles are based on several factors including authorization, job responsibility, and job competency. Businesses can assign whether a user is an end-user or an administrator and determine their privileges. In addition, access to computer resources can be limited to specific tasks, such as the ability to view, create or modify files. The RBAC risk strategy is a similar method to the principle of least privilege, giving a user account only the essential functions on the device needed to do their job. 

What does this mean for an SMB?

One of the best ways to protect your SMB from a major security breach is to implement RBAC or the principle of Least Privilege. Removing Administrator Rights from each employee operating a desktop computer can significantly reduce risk. This single action can mean the difference between a major ransomware compromise incident and no incident at all.

When your employee is tricked by a hacker into downloading and running malware on their computer, not having Administrative Rights should prevent the malware from installing.  This lack of local computer system rights could prevent the malware from encrypting that user’s files as well as the files they can access on network file servers.

To learn more about Role-Based Access Control, watch this video:

Sources: 

CISSP Glossary

TechTarget

DigitalGuardian

Additional Reading:

A Cluster Without RBAC Is An Insecure Cluster

Checklist for Onboarding Cloud Technology in a Hybrid Workplace

Related Terms:

Least Privilege

Access Control

Unauthorized Access

Two-Factor Authentication

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Klopatra: New Android Trojan Drains Bank Accounts via Hidden VNC

Klopatra: New Android Trojan Drains Bank Accounts via Hidden VNC

Newly discovered Android banking Remote Access Trojan (RAT), dubbed Klopatra, has compromised more than 3,000...

Read more
When One Password Ends It All

When One Password Ends It All

In June 2025, KNP Logistics Group, a transport company in the UK with 500 trucks and nearly two centuries of...

Read more
Automated Vulnerability Scanning and Penetration Testing Boost Cyber Resilience

Automated Vulnerability Scanning and Penetration Testing Boost Cyber Resilience

Vulnerability scanning and it's human led partner penetration testing (aka "pentesting") are excellent and...

Read more