RBAC is short for Role Based Access Control, an authorization and access control model in which access to restricted resources is granted or denied based on whether the requester's identity is associated with one or more role classifications required by the restricted resource.
Traditionally, security systems have often been structured to specify which individuals are allowed to access each restricted resource. As the number of restricted resources and number of individuals grows, this quickly becomes difficult to administer. When a person leaves the organization or joins the organization, the person must be removed from or added to all the relevant access control lists.
In Role Based Access Control, a level of abstraction in inserted between the restricted resource and the identities permitted to use that resource. A role descriptor is defined, typically aligned with job function (operator, manager, etc). The role descriptor is added to the access control list of the restricted resources. Individual identities are associated with or tagged with the role descriptor. When access to a restricted resource is requested, access can be granted by checking to see if the requesting identity is associated with one or more of the role definitions permitted to access the resource.
In this configuration, the number of role descriptors is relatively small even when there are a large number of users or resources involved, making the overall system easier to manage and administer than direct-reference access control lists.
