Role-based access control. RBAC. You may have heard of it: it is a classic and widely used authorization model that defines who can do what based on assigned roles. Access control is, of course, critical, and RBAC certainly helps here. It does, though, hit some limits at times, especially as you try to move closer to the principle of least privilege, in which no unnecessary permission is granted. That principle helps thwart attackers and reduces insider risk.
In our new article, we aim to provide you with an understanding of RBAC, with examples and an exploration of its strengths and weaknesses. This article is #28 on the Secure by Design Education Hub: Understanding Role-Based Access Control (RBAC).
As always, I welcome your thoughts and feedback and encourage you to share articles with those who may find them valuable.