Access Control Fundamentals

12.3. Non-Discretionary or Role-Based Access Control

• A RBAC is based on user roles and uses a centrally administered set of controls to determine how subjects and objects interact.
• The RBAC approach simplifies the access control administration
• It is a best system for a company that has high employee turnover.
• Note: The RBAC can be generally used in combination with MAC and DAC systems