RBAC is a widely used acronym, which stands for Role-Based Access Control. It’s an approach used for managing access and permissions relating to things such as network systems, documents and shared resources.
Users are granted permission to access different parts of the system, or to carry out different tasks, based on their assigned “Role”.
Typically, this will be used in larger organisations, with sufficient user numbers to warrant managing permissions on the basis of role, rather than individually.
Roles are assigned based on things such as seniority/authority, proximity to the system or information and area of the business.
What does RBAC look like?
A simple example of an RBAC framework, relating to a single document, could be as follows:
- Role 1 - Administrator
- Role 2 - Editor
- Role 3 - Reader
As an Administrator, you would likely have the permission to read, write and save changes to the document, as well as to assign roles to other users and to invite new users.
As an Editor, you would be able to read and alter the document and as a Reader you would have permission to read the document, perhaps to suggest changes, but not to physically make any changes.
The principles of this simple framework are applicable to most areas of a business. In fact, if you work in a business of a reasonable size you’ll more than likely already be using RBAC in one form or another.
If you think about your current process for business areas such as IT, HR and Legal, there will probably be some form of RBAC in play.
Why is it useful?
Use of RBAC to manage access to documents and systems has a multitude of benefits but the main two are:
- Simplicity. In a growing business that’s adding staff or new units, it can quickly become burdensome to manage individual permissions. Using RBAC means you can swiftly assign an appropriate role to someone based on established reasoning.
- Data and system integrity. Ensures that only those with sufficient privileges have the ability to access/alter records within a system.
How is RBAC applied in Gatekeeper?
RBAC is a feature of our Enterprise plans and has an obvious place in managing contracts and suppliers in large companies. With a contract management system, you’re looking to:
- Create a central repository for your contract and supplier records, to act as a single source of truth for your business. For this to be effective and accurate, you need tight controls over who can view and update records, and under what circumstances.
- Have an auditable chain of activity for each record. It’s vital to capture who accessed the records and what changes were made, so that you can maintain compliance.
- Store confidential information such as costs, supply-chain details and personal data. Access to this kind of information must be limited only to those with sufficient seniority and oversight.
- Delegate responsibility for upkeep to specific departments or business units. By making heads of business units responsible for their own areas, you reduce the administrative load on central teams.
For all these scenarios, RBAC will simplify the process of collaboration by making it easy to assign access to new users at an appropriate level.
Essentially, you need only do the thinking once at the start of the process to establish what your roles should be and what their respective levels of access are. After that, you simply need to allocate a role or number of roles to each user.
RBAC is available for Gatekeeper Enterprise customers.
To reflect their comparatively smaller sizes, Starter and Pro customers benefit from individual permission controls only. Rather than scaling up to use roles as the basis for permissions, they can simply be managed at team level or ownership level.
Users can be allocated access to the full range of records or be limited just to the ones that they are responsible for.