Identity & Access
Role-Based Access Control (RBAC)
Also known as: RBAC
Definition
An authorization model that grants permissions to roles rather than directly to users, so users inherit access by virtue of their role assignments.
Examples
- A Kubernetes ClusterRole that allows listing pods, bound to the "sre" group.
- An AWS IAM role granting EC2 read-only access, assumed by a CI/CD pipeline.
Related terms
Attribute-Based Access Control (ABAC)
An authorization model that evaluates policies over attributes of the subject, resource, action, and environment to decide whether to allow an access request.
Mandatory Access Control (MAC)
An access-control model in which a central policy — not the resource owner — enforces access decisions based on classifications and clearances assigned to subjects and objects.
Discretionary Access Control (DAC)
An access-control model in which the owner of a resource decides who can access it and what operations they can perform.
Principle of Least Privilege
A security principle that grants every user, process, or service only the minimum privileges strictly required to perform its function — no more.
Authorization
The process of deciding what an already-authenticated identity is allowed to do — which resources, actions and conditions are permitted.
Identity and Access Management (IAM)
A discipline and set of technologies for defining digital identities and controlling which resources each identity may access under which conditions.