What is RBAC (Role-Based Access Control)?
RBAC is an authorization model that assigns permissions to job roles instead of individual users, making access management easier to govern.
What is RBAC?
RBAC (Role-Based Access Control) is an access control model that assigns permissions to roles instead of directly to individuals. For example, roles such as “Accounting”, “Warehouse Manager”, or “Support Agent” receive specific screens, actions, and data scopes; users are then assigned to those roles.
This structure simplifies onboarding and job changes. A user receives access through a role instead of being granted every permission one by one. If roles are defined too broadly, however, unnecessary access risk increases.
Design Principles
- Least privilege: A role should receive only the permissions needed for the job.
- Separation of duties: Rules such as “the person creating a payment should not approve it” are preserved.
- Role hierarchy: Manager roles may inherit permissions from lower roles.
- Audit trail: Systems should log which role performed which action.
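The four principles above can be checked mechanically. The following is an added example (not code from the original page) of a minimal RBAC decision function: roles carry permissions, a role hierarchy lets higher roles inherit from lower ones, a separation-of-duties rule blocks the creator of a payment from approving it, and every decision is appended to an audit log. All role names, users, permission strings and the payment record are constructed for illustration.

```python
# Constructed role model: permissions attach to roles, never to users directly.
ROLE_PERMISSIONS = {
    "support_agent": {"ticket:read", "ticket:comment"},
    "accounting": {"payment:create", "payment:read"},
    "accounting_approver": {"payment:approve"},
    "manager": {"report:read"},
}
# Role hierarchy: a role inherits everything its parent roles hold.
ROLE_PARENTS = {
    "manager": ["support_agent", "accounting"],
    "accounting_approver": ["accounting"],
}
# Users receive access only through role membership.
USER_ROLES = {
    "alice": ["accounting"],
    "bob": ["accounting_approver"],
    "carol": ["manager"],
}

AUDIT_LOG = []  # (user, roles, action, resource id, decision)


def effective_permissions(role, seen=None):
    """Resolve a role's permissions including inherited ones (cycle-safe)."""
    if seen is None:
        seen = set()
    if role in seen:
        return set()
    seen.add(role)
    perms = set(ROLE_PERMISSIONS.get(role, ()))
    for parent in ROLE_PARENTS.get(role, ()):
        perms |= effective_permissions(parent, seen)
    return perms


def user_permissions(user):
    """Union of the effective permissions of every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= effective_permissions(role)
    return perms


def authorize(user, action, payment):
    """Decide whether user may perform action on a payment record and log it."""
    allowed = action in user_permissions(user)
    # Separation of duties: whoever created a payment may not approve it,
    # even when their roles carry payment:approve.
    if allowed and action == "payment:approve" and payment["created_by"] == user:
        allowed = False
    AUDIT_LOG.append((user, tuple(USER_ROLES.get(user, ())), action, payment["id"], allowed))
    return allowed
```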
Business Use
RBAC is common in ERP, CRM, admin panels, intranets, SaaS products, and reporting tools. The most common problem is role explosion: if every exception creates a new role, the model becomes hard to manage. Periodic access reviews and time-limited elevation reduce that risk.
Zero Trust complements RBAC with continuous verification and contextual checks, while OAuth 2.0 is often used for the protocol side of identity and authorization flows.
Related Terms
ABAC is an authorization model that evaluates user, resource, action, and environment attributes instead of relying only on roles.
OAuth 2.0 is an authorization framework that allows third-party applications to access resources without the user's password.
Zero Trust Security continuously validates each user, device, and request by identity, context, and permission instead of trusting network location.