Interoperable Europe logo

Role-Based Access Control

Definition: Architecture Decision Record from where you should specialise the ADR SBBs regarding the Role-Based Access Control (RBAC)

Source: ISO/IEC/IEEE 42010:2022

Source reference: https://www.iso.org/standard/74393.html

Additional information: Role-Based Access Control (RBAC) is a concept in IT architecture that provides a method for controlling access to resources based on the roles of individual users within an organization. This approach is designed to simplify the process of managing access to sensitive data and systems by assigning permissions based on job responsibilities rather than individual identities. With RBAC, administrators can create roles that define specific access privileges and then assign those roles to users based on their job functions. This helps to ensure that users only have access to the resources they need to perform their duties, reducing the risk of unauthorized access and data breaches. RBAC is widely used in enterprise environments and is considered a best practice for access control in IT security.

Example: Role-Based Access Control (RBAC):
Decision: Implementing RBAC to enforce fine-grained access controls based on user roles and permissions.
Rationale: RBAC provides a structured and manageable approach to access control, ensuring that users have appropriate privileges based on their roles within the system, minimizing the risk of unauthorized actions.

LOST view: Digital Solution Architecture Decisions Catalogue view

Identifier: http://data.europa.eu/dr8/egovera/Role-BasedAccessControlGoal

EIRA traceability: eira:DigitalSolutionArchitectureDecisionGoal

ABB name: egovera:Role-BasedAccessControlGoal

EIRA concept: eira:ArchitectureBuildingBlock

Last modification: 2023-06-15

dct:identifier: ADR-20230515180947403

dct:title: Architecture Decision Record about Role-Based Access Control (RBAC)

eira:adr_context: The context explains why we need to make a decision. It also describes the alternatives along with the pros and cons.

eira:adr_decision: The decision describes the justification for why the particular solution was accepted. It has more emphasis on the why rather than the how.

eira:adr_status: [Proposed (under review)|Accepted (approved and ready for implementation)|Superseded (superseded by another decision)]

eira:adr_consecuences: The consequences section contains information about the overall impact of an architectural decision. Every decision has trade-offs. That’s why it’s crucial to include the analysis to provide a clear picture.