Role Based Access Control (RBAC) is the establishment of access rights based on a user’s role in the organization. When an organization looks at the job of provisioning thousands of users and thousands of network devices for hundreds of applications, it can be daunting. One of the ways to simplify this task is to implement access controls for a limited number of roles instead of for each individual.
In a medical office, for example, a receptionist is going to need access to different pieces of information than a doctor, who will need different information and access rights than a nurse. But in general, all receptionists need the same rights.
In a database or directory that supports RBAC, an administrator can define the roles of doctor, nurse and receptionist and assign access rights to those roles. A new nurse is simply linked to the role of nurse. De-provisioning is easier, too; if a receptionist leaves, she is just unlinked from the role of receptionist and no longer has access rights.