Role-Based Access Control (RBAC)

3rd March 2021 | Cybrary Role-Based Access Control (RBAC)


rbac cyber term

Role-Based Access Control (RBAC) is a strategy of limiting network access based on the roles of individual users within a business. RBAC lets employees have access rights only to the information they need to do their jobs and prevents them from accessing information that doesn’t pertain to them. An employee’s role in an organization defines the permissions an individual is given and ensures that lower-level employees can’t access sensitive information or perform high-level tasks that could put the company at risk. 

In role-based access control, the roles are based on several factors including authorization, job responsibility, and job competency. Businesses can assign whether a user is an end-user or an administrator and determine their privileges. In addition, access to computer resources can be limited to specific tasks, such as the ability to view, create or modify files. The RBAC risk strategy is a similar method to the principle of least privilege, giving a user account only the essential functions on the device needed to do their job. 

What does this mean for an SMB?

One of the best ways to protect your SMB from a major security breach is to implement RBAC or the principle of Least Privilege. Removing Administrator Rights from each employee operating a desktop computer can significantly reduce risk. This single action can mean the difference between a major ransomware compromise incident and no incident at all.

When your employee is tricked by a hacker into downloading and running malware on their computer, not having Administrative Rights should prevent the malware from installing.  This lack of local computer system rights could prevent the malware from encrypting that user’s files as well as the files they can access on network file servers.

To learn more about Role-Based Access Control, watch this video:

Sources: 

CISSP Glossary

TechTarget

DigitalGuardian

Additional Reading:

A Cluster Without RBAC Is An Insecure Cluster

Checklist for Onboarding Cloud Technology in a Hybrid Workplace

Related Terms:

Least Privilege

Access Control

Unauthorized Access

Two-Factor Authentication

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

Make Phishing Training Count with HootPhish

Make Phishing Training Count with HootPhish

Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...

Read more
Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats

Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats

A recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...

Read more
CyberHoot Newsletter – May 2025

CyberHoot Newsletter – May 2025

Welcome to CyberHoot's May Newsletter! This month, we're spotlighting key developments in the cyber threat...

Read more