Role-Based Access Control (RBAC)
RBAC grants permissions based on roles instead of individual users.
Updated: 2026-03-05
Definition
RBAC assigns permissions to roles (job functions) and then assigns users to those roles.
It simplifies access management and supports least privilege by giving users only what their role requires.
Key points
- Roles map to responsibilities (e.g., Reader, Admin)
- Easier audits than per-user permissions
- Often combined with groups and policies
Common mistakes
- Giving broad admin roles for convenience (breaks least privilege).
- Mixing RBAC with resource policies without clear precedence rules.
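An added example (not part of the original page) showing role-to-permission mapping, one explicit precedence rule between role grants and resource policies, and an audit for broad admin roles. The role names beyond Reader and Admin, the users, the action strings and the deny-overrides rule are all assumptions made for illustration.

```python
# Constructed sample data: roles, users and resources are hypothetical.
ROLE_PERMISSIONS = {
    "Reader": {"storage:read"},
    "Contributor": {"storage:read", "storage:write"},
    "Admin": {"*"},  # wildcard: every action
}
USER_ROLES = {
    "alice": {"Reader"},
    "bob": {"Contributor"},
    "carol": {"Admin"},
    "dave": {"Reader", "Admin"},
}
# Resource policy: actions explicitly denied on a resource for everyone.
RESOURCE_DENIES = {"audit-logs": {"storage:write", "storage:delete"}}


def effective_permissions(user):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, action, resource):
    """Assumed precedence: explicit resource deny > role grant > default deny."""
    if action in RESOURCE_DENIES.get(resource, set()):
        return False, "explicit deny on resource"
    perms = effective_permissions(user)
    if "*" in perms or action in perms:
        return True, "granted by role"
    return False, "default deny"


def broad_role_holders():
    """Audit helper: users holding any role that carries the wildcard."""
    broad = {r for r, p in ROLE_PERMISSIONS.items() if "*" in p}
    return {u: sorted(USER_ROLES[u] & broad)
            for u in sorted(USER_ROLES) if USER_ROLES[u] & broad}


if __name__ == "__main__":
    for u, a, r in [("alice", "storage:write", "reports"),
                    ("carol", "storage:write", "audit-logs"),
                    ("carol", "storage:write", "reports")]:
        print(u, a, r, is_allowed(u, a, r))
    print("wildcard role holders:", broad_role_holders())
```

Because the order of the three checks is written down in one place, a reviewer can see why an Admin is still blocked from writing to audit-logs.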
Related exams
Microsoft Azure Fundamentals (AZ-900)
AWS Certified Solutions Architect – Associate (SAA-C03)
CompTIA Security+ (SY0-701)