
RBAC is a widely used acronym, which stands for Role-Based Access Control. It’s an approach used for managing access and permissions relating to things such as network systems, documents and shared resources.

Users are granted permission to access different parts of the system, or to carry out different tasks, based on their assigned “Role”.

Typically, this will be used in larger organisations, with sufficient user numbers to warrant managing permissions on the basis of role, rather than individually.

Roles are assigned based on things such as seniority/authority, proximity to the system or information and area of the business.

What does RBAC look like?

A simple example of an RBAC framework, relating to a single document, could be as follows:

  • Role 1 - Administrator
  • Role 2 - Editor
  • Role 3 - Reader

As an Administrator, you would likely have the permission to read, write and save changes to the document, as well as to assign roles to other users and to invite new users.

As an Editor, you would be able to read and alter the document. As a Reader, you would have permission to read the document and perhaps to suggest changes, but not to make any changes yourself.
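The three-role framework above, as an added sketch that is not taken from any product: permissions are resolved as the union of a user's roles, anything not granted is denied, role assignment itself requires a permission, and every decision is recorded. The permission labels, class name and user names are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

# Role -> permissions, following the article's single-document example.
# The permission labels are names chosen for this sketch.
ROLE_PERMISSIONS = {
    "Administrator": {"read", "write", "save", "assign_roles", "invite_users"},
    "Editor": {"read", "write"},
    "Reader": {"read", "suggest"},
}


@dataclass
class Document:
    # user -> set of role names held on this document
    assignments: dict = field(default_factory=dict)
    # (user, action, allowed) tuples: every access decision is recorded
    audit_log: list = field(default_factory=list)

    def permissions_of(self, user):
        """Union of permissions over all roles the user holds."""
        perms = set()
        for role in self.assignments.get(user, ()):
            # Unknown role names contribute nothing (deny by default).
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

    def is_allowed(self, user, action):
        allowed = action in self.permissions_of(user)
        self.audit_log.append((user, action, allowed))
        return allowed

    def assign_role(self, actor, target, role):
        """Only an actor holding 'assign_roles' may change assignments."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        if not self.is_allowed(actor, "assign_roles"):
            raise PermissionError(f"{actor} may not assign roles")
        self.assignments.setdefault(target, set()).add(role)


def demo():
    # Constructed users; the first administrator is bootstrapped directly.
    doc = Document(assignments={"alice": {"Administrator"}})
    doc.assign_role("alice", "bob", "Editor")
    doc.assign_role("alice", "carol", "Reader")
    try:
        doc.assign_role("carol", "carol", "Administrator")  # Reader promoting herself
    except PermissionError:
        pass  # refused, and the refusal is in the audit log
    doc.assign_role("alice", "carol", "Editor")  # carol now holds two roles
    return doc
```

Guarding `assign_role` with its own permission is what stops a Reader from promoting themselves, and the audit log keeps the refused attempt alongside the successful changes.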

The principles of this simple framework are applicable to most areas of a business. In fact, if you work in a business of a reasonable size you’ll more than likely already be using RBAC in one form or another.

If you think about your current process for business areas such as IT, HR and Legal, there will probably be some form of RBAC in play.

Why is it useful?

Use of RBAC to manage access to documents and systems has a multitude of benefits but the main two are:

  • Simplicity. In a growing business that’s adding staff or new units, it can quickly become burdensome to manage individual permissions. Using RBAC means you can swiftly assign an appropriate role to someone based on established reasoning.
  • Data and system integrity. RBAC ensures that only those with sufficient privileges can access or alter records within a system.

How is RBAC applied in Gatekeeper?

RBAC is a feature of our Enterprise plans and has an obvious place in managing contracts and suppliers in large companies. With a contract management system, you’re looking to:

  • Create a central repository for your contract and supplier records, to act as a single source of truth for your business. For this to be effective and accurate, you need tight controls over who can view and update records, and under what circumstances.
  • Have an auditable chain of activity for each record. It’s vital to capture who accessed the records and what changes were made, so that you can maintain compliance.
  • Store confidential information such as costs, supply-chain details and personal data. Access to this kind of information must be limited only to those with sufficient seniority and oversight.
  • Delegate responsibility for upkeep to specific departments or business units. By making heads of business units responsible for their own areas, you reduce the administrative load on central teams.

For all these scenarios, RBAC will simplify the process of collaboration by making it easy to assign access to new users at an appropriate level.

Essentially, you need only do the thinking once at the start of the process to establish what your roles should be and what their respective levels of access are. After that, you simply need to allocate a role or number of roles to each user.

RBAC is available for Gatekeeper Enterprise customers.

To reflect their comparatively smaller sizes, Starter and Pro customers benefit from individual permission controls only. Rather than scaling up to use roles as the basis for permissions, they can simply be managed at team level or ownership level.

Users can be allocated access to the full range of records or be limited just to the ones that they are responsible for.

For more information on how Gatekeeper can help you maintain control over access to your contract and supplier data, contact us today.

Ian Bryce

Ian writes on a variety of topics, bringing together his own knowledge and experience with that of industry experts.

