HAUPTMENÜ
Definition

Role-based access control (RBAC)

Role-based access control (RBAC) grants permissions according to a user's role in an organization, rather than assigning access person by person. Learn how RBAC works, how it compares to other access models, and why it is the practical foundation of least privilege.

DT Devolutions Team · July 7, 2026 · 2 min read

What is role-based access control (RBAC)?

Role-based access control (RBAC) is a model that grants permissions based on a user's role — their function in the organization — rather than to each individual separately. A role bundles the access appropriate to a job, and users inherit that access by being assigned the role. Change the role, and everyone in it is updated at once.

How does RBAC work?

RBAC organizes access around roles:

  • Permissions define what actions are allowed on which resources.
  • Roles group the permissions that fit a particular job function.
  • Users are assigned one or more roles and inherit their permissions.
  • Changes made to a role apply automatically to everyone assigned it.

This makes access consistent and easy to reason about: you manage a manageable number of roles rather than the access of every individual.

RBAC vs. other access models

RBAC is one of several access-control models. It differs from the alternatives in what it bases decisions on:

Model Basis for access
Role-based (RBAC) The user's assigned role or job function.
Attribute-based (ABAC) Attributes of the user, resource, and context.
Discretionary (DAC) The resource owner's discretion.
Mandatory (MAC) Central labels and clearance levels.

Why does RBAC matter?

RBAC is the practical way most organizations enforce least privilege at scale. By tying access to roles, it keeps permissions consistent, makes onboarding and offboarding a matter of assigning or removing roles, and simplifies audit — you can see what any role can do, and who holds it. It reduces both the errors and the standing risk that come from managing access one person at a time.

Frequently asked questions

What is role-based access control (RBAC)?

Role-based access control (RBAC) is a model that grants permissions based on a user's role in an organization rather than to each individual separately. A role bundles the access appropriate to a job, and users inherit that access by being assigned the role.

How is RBAC different from attribute-based access control (ABAC)?

RBAC bases access on the user's assigned role or job function, while attribute-based access control (ABAC) bases access on attributes of the user, resource, and context. RBAC is simpler to manage; ABAC is more granular and dynamic.

Why is RBAC important?

RBAC is the practical way most organizations enforce least privilege at scale. It keeps permissions consistent, makes onboarding and offboarding a matter of assigning or removing roles, and simplifies audit by making it clear what any role can do and who holds it.

Access control that scales

Grant access by role and enforce least privilege with the Devolutions platform.

Explore Devolutions PAM

Related terms

Least privilege

Granting users only the access needed to carry out their responsibilities.

Read now

Identity and access management (IAM)

Authenticating identities and controlling their access to resources.

Read now

Privileged access management (PAM)

Controls, audits, and secures access to an organization's most sensitive systems.

Read now