
RBAC is a widely used acronym, which stands for Role-Based Access Control. It’s an approach used for managing access and permissions relating to things such as network systems, documents and shared resources.

Users are granted permission to access different parts of the system, or to carry out different tasks, based on their assigned “Role”.

Typically, this will be used in larger organisations, with sufficient user numbers to warrant managing permissions on the basis of role, rather than individually.

Roles are assigned based on things such as seniority/authority, proximity to the system or information and area of the business.

What does RBAC look like?


A simple example of an RBAC framework, relating to a single document, could be as follows:

  • Role 1 - Administrator
  • Role 2 - Editor
  • Role 3 - Reader

As an Administrator, you would likely have the permission to read, write and save changes to the document, as well as to assign roles to other users and to invite new users.

As an Editor, you would be able to read and alter the document. As a Reader, you would have permission to read the document, and perhaps to suggest changes, but not to make any changes yourself.
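The three-role framework above can be expressed as a deny-by-default permission check. The following is an added example, not code from Gatekeeper or the original article. The permission names, the Document class and the sample users are assumptions made for illustration. It goes slightly beyond the text by letting a user hold several roles and by recording every access decision.

```python
from dataclasses import dataclass, field

# Permission names are assumptions modelled on the article's description.
ROLE_PERMISSIONS = {
    "Administrator": {"read", "write", "suggest", "assign_roles", "invite_users"},
    "Editor": {"read", "write", "suggest"},
    "Reader": {"read", "suggest"},
}


@dataclass
class Document:
    text: str = ""
    user_roles: dict = field(default_factory=dict)  # user -> set of role names
    audit_log: list = field(default_factory=list)   # (user, action, allowed)

    def permissions_of(self, user):
        """Union of permissions over every role the user holds."""
        perms = set()
        for role in self.user_roles.get(user, set()):
            perms |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
        return perms

    def is_allowed(self, user, action):
        """Deny by default; record every decision, including refusals."""
        allowed = action in self.permissions_of(user)
        self.audit_log.append((user, action, allowed))
        return allowed

    def write(self, user, new_text):
        if not self.is_allowed(user, "write"):
            raise PermissionError(f"{user} may not write")
        self.text = new_text

    def assign_role(self, actor, target, role):
        """Role changes are themselves permission-gated."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        if not self.is_allowed(actor, "assign_roles"):
            raise PermissionError(f"{actor} may not assign roles")
        self.user_roles.setdefault(target, set()).add(role)


def demo():
    # Constructed sample users; the first Administrator is seeded at creation.
    doc = Document(user_roles={"alice": {"Administrator"}, "bob": {"Reader"}})
    doc.assign_role("alice", "carol", "Editor")
    doc.write("carol", "v2")
    try:
        doc.assign_role("bob", "bob", "Administrator")  # Reader tries to self-promote
    except PermissionError:
        pass
    return doc
```

Because role assignment goes through the same check as every other action, a Reader cannot promote themselves, and the refused attempt still appears in the audit log.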

The principles of this simple framework are applicable to most areas of a business. In fact, if you work in a business of a reasonable size you’ll more than likely already be using RBAC in one form or another.

If you think about your current process for business areas such as IT, HR and Legal, there will probably be some form of RBAC in play.

Why is it useful?


Use of RBAC to manage access to documents and systems has a multitude of benefits but the main two are:

  • Simplicity. In a growing business that’s adding staff or new units, it can quickly become burdensome to manage individual permissions. Using RBAC means you can swiftly assign an appropriate role to someone based on established reasoning.
  • Data and system integrity. RBAC ensures that only those with sufficient privileges can access or alter records within a system.

How is RBAC applied in Gatekeeper?


RBAC is a feature of our Enterprise plans and has an obvious place in managing contracts and suppliers in large companies. With a contract management system, you’re looking to:

  • Create a central repository for your contract and supplier records, to act as a single source of truth for your business. For this to be effective and accurate, you need tight controls over who can view and update records, and under what circumstances.
  • Have an auditable chain of activity for each record. It’s vital to capture who accessed the records and what changes were made, so that you can maintain compliance.
  • Store confidential information such as costs, supply-chain details and personal data. Access to this kind of information must be limited only to those with sufficient seniority and oversight.
  • Delegate responsibility for upkeep to specific departments or business units. By making heads of business units responsible for their own areas, you reduce the administrative load on central teams.

For all these scenarios, RBAC will simplify the process of collaboration by making it easy to assign access to new users at an appropriate level.

Essentially, you need only do the thinking once at the start of the process to establish what your roles should be and what their respective levels of access are. After that, you simply need to allocate a role or number of roles to each user.

RBAC is available for Gatekeeper Enterprise customers.

To reflect their comparatively smaller sizes, Starter and Pro customers benefit from individual permission controls only. Rather than scaling up to use roles as the basis for permissions, access can simply be managed at team level or ownership level.

Users can be allocated access to the full range of records or be limited just to the ones that they are responsible for.

For more information on how Gatekeeper can help you maintain control over access to your contract and supplier data, contact us today.

Ian Bryce

Ian writes on a variety of topics, bringing together his own knowledge and experience with that of industry experts.
