Role-Based Access Control (RBAC)

Role-Based Access Control (RBAC) is an access management approach where permissions are assigned to roles (like 'Project Manager' or 'System Administrator') rather than to individual users. Users are then assigned to roles, inheriting the permissions associated with those roles. When someone changes jobs, you change their role assignment rather than individually adjusting dozens of permissions.

RBAC simplifies access management, reduces errors, and supports the principle of least privilege. It's particularly effective in organizations with well-defined job functions, making it easier to ensure everyone has exactly the access they need — no more, no less.
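The model described above, as an added example that is not part of the original page: a small RBAC engine in which permissions belong to roles, users hold roles, and a job change swaps the role assignment instead of editing individual permissions. The role and permission names are constructed for illustration.

```python
"""Minimal role-based access control model (added example; role and
permission names are hypothetical).

Permissions are attached to roles only. A permission check never looks at
the user directly; it resolves the roles the user holds and unions their
permission sets. Changing jobs replaces the role set, so no stale grants
linger from the previous position.
"""

# Constructed sample roles: each role maps to the permissions it carries.
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "project_manager": {"project:read", "project:write", "report:read"},
    "system_administrator": {"user:create", "user:delete",
                             "system:configure", "project:read"},
    "auditor": {"project:read", "report:read", "log:read"},
}


class RBAC:
    def __init__(self, role_permissions: dict[str, set[str]]) -> None:
        # Copy the sets so later edits to the input do not silently change policy.
        self.role_permissions = {r: set(p) for r, p in role_permissions.items()}
        self.user_roles: dict[str, set[str]] = {}

    def assign_role(self, user: str, role: str) -> None:
        # Refuse unknown roles: a typo must fail closed, not create an empty role.
        if role not in self.role_permissions:
            raise KeyError(f"unknown role: {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def change_job(self, user: str, new_role: str) -> None:
        # Job change: drop every previous role, then grant the new one.
        self.user_roles[user] = set()
        self.assign_role(user, new_role)

    def effective_permissions(self, user: str) -> set[str]:
        # Union of the permission sets of all roles the user holds.
        perms: set[str] = set()
        for role in self.user_roles.get(user, set()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user: str, permission: str) -> bool:
        return permission in self.effective_permissions(user)

    def access_report(self) -> dict[str, dict[str, list[str]]]:
        # Per-user view of roles and resulting permissions, the kind of
        # artifact an access review or assessor would ask for.
        return {
            user: {
                "roles": sorted(roles),
                "permissions": sorted(self.effective_permissions(user)),
            }
            for user, roles in sorted(self.user_roles.items())
        }


if __name__ == "__main__":
    rbac = RBAC(ROLE_PERMISSIONS)
    rbac.assign_role("alice", "project_manager")
    print(rbac.is_allowed("alice", "project:write"))   # True
    rbac.change_job("alice", "auditor")
    print(rbac.is_allowed("alice", "project:write"))   # False: old role is gone
    print(rbac.access_report())
```

The check in `is_allowed` is the whole point of the model: because it only consults roles, an access review can reason about a handful of role definitions plus the user-to-role table rather than a per-user permission matrix.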

Why It Matters

RBAC is a practical way to implement the least privilege and access control requirements in CMMC. Defining clear roles with appropriate permissions and assigning users to roles makes access management auditable and easier to demonstrate to assessors.