Deepak Gupta

Role-Based Access Control

RBAC.

An authorization model where permissions are granted to roles and users are assigned to roles, defined in NIST INCITS 359-2004.

RBAC was standardized as NIST INCITS 359-2004 and remains the most widely deployed authorization model in production CIAM. Every CIAM in this index ships RBAC primitives; the choice is bundled with the CIAM choice, not a separate evaluation.

Common questions

When is RBAC enough?

What's the difference between RBAC and ReBAC?

Should I use RBAC or ABAC?

Related terms

In the guides

RBAC vs ABAC vs ReBAC: Choosing an Authorization Model
Three authorization models, Role-Based, Attribute-Based, and Relationship-Based Access Control, with concrete examples, scaling characteristics, and when each is the right answer.