Role-Based Access Control (RBAC) is an access management model in which permissions are assigned to roles rather than to individual users. Users are then granted one or more roles that collectively determine what resources and actions they may access. This approach simplifies administration considerably in larger organisations, as changes to permissions only need to be made at the role level.
RBAC is a cornerstone of the principle of least privilege and supports compliance with frameworks such as ISO 27001, SOC 2 and the GDPR. By aligning roles with job functions, organisations can reduce the risk of excessive access rights and streamline access reviews during internal or external audits.
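The model described above, and the access review it is meant to simplify, as an added example that is not part of the original page. All role, permission and user names, and the per-job-function baseline used for the review, are constructed assumptions.

```python
# Added illustration: all role, permission and user names are constructed.
ROLE_PERMISSIONS = {
    "support_agent": {"ticket:read", "ticket:update"},
    "billing_clerk": {"invoice:read", "invoice:create"},
    "billing_admin": {"invoice:read", "invoice:create", "invoice:refund"},
}
USER_ROLES = {
    "alice": {"support_agent"},
    "bob": {"billing_clerk"},
    "carol": {"support_agent", "billing_admin"},
}
# What each job function is expected to need (the access-review baseline).
JOB_FUNCTION = {"alice": "support", "bob": "billing", "carol": "support"}
FUNCTION_BASELINE = {
    "support": {"ticket:read", "ticket:update"},
    "billing": {"invoice:read", "invoice:create", "invoice:refund"},
}


def effective_permissions(user):
    """Union of the permissions of every role the user holds."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        # Unknown roles grant nothing (fail closed).
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """Deny by default: unknown users and unlisted permissions are refused."""
    return permission in effective_permissions(user)


def access_review():
    """Map each user to the permissions exceeding their job-function baseline."""
    findings = {}
    for user in USER_ROLES:
        baseline = FUNCTION_BASELINE.get(JOB_FUNCTION.get(user), set())
        excess = effective_permissions(user) - baseline
        if excess:
            findings[user] = sorted(excess)
    return findings


if __name__ == "__main__":
    print(access_review())
    # A role-level change reaches every holder of the role at once.
    ROLE_PERMISSIONS["billing_clerk"].discard("invoice:create")
    print(is_allowed("bob", "invoice:create"))
```

The review flags only carol, whose extra billing_admin role exceeds what a support function needs; removing that one role assignment clears the finding without touching any individual permission.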