Before RBAC can be implemented in a company, the permissions for each role have to be defined as thoroughly as possible. This involves precisely defining the permissions for the following areas:
- Modification permissions for data (e.g. read, read and write, full access)
- Access permissions for company applications
- Permissions within the applications
To fully benefit from the RBAC model, the first step is always to establish a model of the roles and their permissions. The organization assigns every employee responsibility to a specific role, and each role determines the corresponding access permissions. Roles are then assigned to employees according to their responsibilities. Role-based access control allows one or more roles per user, so access permissions can still be tailored to individuals within the role model. The goal is for the resulting access permissions to let users perform their duties without any additional, per-user modifications.
RBAC is implemented and monitored by an identity and access management (IAM) system. Such a system primarily supports companies with a large number of employees in recording, monitoring, and updating all identities and access permissions. Assigning permissions is called “provisioning”, and removing them is called “de-provisioning”. A uniform, standardized role model must be established before such a system can be used.
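The role model described above, as an added example that is not part of the original article: roles bundle permissions per application and resource, users hold one or more roles, an access check uses the union of those roles, and provisioning and de-provisioning only touch the user-to-role assignment. The role and application names (`hr_clerk`, `hr_app`, `erp`, ...) are invented for the illustration.

```python
"""Minimal RBAC model: roles carry permissions, users carry roles, checks use the union."""
from collections import defaultdict

# Data-modification levels from the text; a higher level implies the lower ones.
LEVELS = {"read": 1, "write": 2, "full": 3}

# Hypothetical role definitions for an assumed company:
# role name -> {(application, resource): level}
ROLES = {
    "hr_clerk":   {("hr_app", "employee_records"): "read",
                   ("hr_app", "timesheets"): "write"},
    "hr_manager": {("hr_app", "employee_records"): "full"},
    "finance":    {("erp", "invoices"): "write"},
}

# user -> set of role names (one or more roles per user, as the text allows)
user_roles = defaultdict(set)

def provision(user, role):
    """Assign a role; undefined roles are rejected so the model stays uniform."""
    if role not in ROLES:
        raise KeyError(f"undefined role: {role}")
    user_roles[user].add(role)

def deprovision(user, role):
    """Remove a role; its permissions vanish with it, nothing is edited per user."""
    user_roles[user].discard(role)

def effective_permissions(user):
    """Union over the user's roles; for an (app, resource) granted by several roles,
    keep the highest level."""
    eff = {}
    for role in user_roles.get(user, ()):
        for key, level in ROLES[role].items():
            if LEVELS[level] > LEVELS.get(eff.get(key), 0):
                eff[key] = level
    return eff

def is_allowed(user, app, resource, level):
    """True if some role grants this app/resource at the requested level or higher."""
    granted = effective_permissions(user).get((app, resource))
    return granted is not None and LEVELS[granted] >= LEVELS[level]

def can_access_app(user, app):
    """Application access is implied by holding any permission inside that application."""
    return any(a == app for (a, _) in effective_permissions(user))
```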